mail archive of the barebox mailing list
* [PATCH 0/3] crypto: add JSON Web Token (JWT) support
@ 2023-10-23 14:31 Ahmad Fatoum
  2023-10-23 14:31 ` [PATCH 1/3] lib: base64: add support for base64url Ahmad Fatoum
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Ahmad Fatoum @ 2023-10-23 14:31 UTC (permalink / raw)
  To: barebox

JSON Web Token is a proposed Internet standard for creating tokens with
optional signature and/or optional encryption whose payload holds JSON that
asserts some number of claims. The tokens are signed either using a private
secret or a public/private key.

In the context of barebox, a JSON Web Token can be used as an unlock token
for a system: By default, the system would be locked and only boot
signed payloads, but when a valid unlock token is provided, board code
can selectively allow access to disallowed features, such as booting
unsigned payloads or providing access to the console and shell.

This series adds first support for JSON Web Tokens on top of the already
existing JSON support. RS256 is the only currently supported format, but
more may be added in future. In lieu of upstreaming board code making
use of this, a selftest is added that decodes a JSON Web Token after
verifying it and asserts that the claims contained inside are as expected.

Ahmad Fatoum (3):
  lib: base64: add support for base64url
  crypto: add JSON Web Token (JWT) support
  test: self: add JSON Web Token tests

 crypto/Kconfig                   |   6 +
 crypto/Makefile                  |   2 +
 crypto/jwt.c                     | 241 +++++++++++++++++++++++++++++++
 include/base64.h                 |   1 +
 include/crypto/jwt.h             |  55 +++++++
 lib/base64.c                     |  60 +++++++-
 test/self/Kconfig                |   7 +
 test/self/Makefile               |  11 +-
 test/self/jwt.c                  | 157 ++++++++++++++++++++
 test/self/jwt_test.pem           |  37 +++++
 test/self/jwt_test.pem.c_shipped |  49 +++++++
 11 files changed, 620 insertions(+), 6 deletions(-)
 create mode 100644 crypto/jwt.c
 create mode 100644 include/crypto/jwt.h
 create mode 100644 test/self/jwt.c
 create mode 100644 test/self/jwt_test.pem
 create mode 100644 test/self/jwt_test.pem.c_shipped

-- 
2.39.2





* [PATCH 1/3] lib: base64: add support for base64url
  2023-10-23 14:31 [PATCH 0/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
@ 2023-10-23 14:31 ` Ahmad Fatoum
  2023-10-23 14:31 ` [PATCH 2/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 8+ messages in thread
From: Ahmad Fatoum @ 2023-10-23 14:31 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

base64url has some small differences to our current base64 implementation:

  - Instead of encoding to `+', `-' is used
  - Instead of encoding to `/', `_' is used
  - Padding with = to reach four byte boundary is optional
  - Invalid characters aren't silently skipped

Everything else is the same though, so let's reuse the code and have an
optional url bool parameter control whether to decode base64 or
base64url.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 include/base64.h |  1 +
 lib/base64.c     | 60 ++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/include/base64.h b/include/base64.h
index 993a366b48b0..7da35e21bac5 100644
--- a/include/base64.h
+++ b/include/base64.h
@@ -5,6 +5,7 @@
 
 void uuencode(char *p, const char *src, int length);
 int decode_base64(char *dst, int dst_len, const char *src);
+int decode_base64url(char *dst, int dst_len, const char *src);
 
 #define BASE64_LENGTH(len)	(4 * (((len) + 2) / 3))
 
diff --git a/lib/base64.c b/lib/base64.c
index ac165ab168c4..d5ab217528db 100644
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -25,6 +25,25 @@ static const char uuenc_tbl_base64[65 + 1] = {
 	'\0' /* needed for uudecode.c only */
 };
 
+static char base64_trchr(char ch, bool url)
+{
+	if (!url)
+		return ch;
+
+	switch (ch) {
+	case '+':
+		return '-';
+	case '/':
+		return '_';
+	case '-':
+		return '+';
+	case '_':
+		return '/';
+	default:
+		return ch;
+	}
+}
+
 /*
  * Encode bytes at S of length LENGTH to uuencode or base64 format and place it
  * to STORE.  STORE will be 0-terminated, and must point to a writable
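Review bot: base64_trchr() swaps in both directions, and the '+' to '-' and '/' to '_' cases are easy to misread as dead code in a decoder. They are what makes a standard-alphabet '+' or '/' miss the later strchr() lookup in uuenc_tbl_base64 when url is true, so that base64url input containing them is not accepted. A one-line comment saying so would keep someone from simplifying those two cases away.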
@@ -68,13 +87,14 @@ EXPORT_SYMBOL(uuencode);
  * Decode base64 encoded string. Stops on '\0'.
  *
  */
-int decode_base64(char *p_dst, int dst_len, const char *src)
+static int __decode_base64(char *p_dst, int dst_len, const char *src, bool url)
 {
 	const char *src_tail;
 	char *dst = p_dst;
 	int length = 0;
+	bool end_reached = false;
 
-	while (dst_len > 0) {
+	while (dst_len > 0 && !end_reached) {
 		unsigned char six_bit[4];
 		int count = 0;
 
@@ -101,13 +121,23 @@ int decode_base64(char *p_dst, int dst_len, const char *src)
 					 * because we did fully decode
 					 * the string (to "ABC").
 					 */
-					if (count == 0)
+					if (count == 0) {
 						src_tail = src;
+					} else if (url) {
+						end_reached = true;
+						goto out;
+					}
+
 					goto ret;
 				}
 				src++;
-				table_ptr = strchr(uuenc_tbl_base64, ch);
-			} while (!table_ptr);
+				table_ptr = strchr(uuenc_tbl_base64, base64_trchr(ch, url));
+			} while (!table_ptr && !url);
+
+			if (!table_ptr) {
+				end_reached = true;
+				goto out;
+			}
 
 			/* Convert encoded character to decimal */
 			ch = table_ptr - uuenc_tbl_base64;
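Review bot: in the `if (!table_ptr)` branch, an invalid character in url mode only sets end_reached and jumps to out, so the function still returns the length decoded so far and the caller cannot tell a rejected input from a complete one. The commit message says invalid characters aren't silently skipped, but stopping silently has much the same effect for a caller that trusts the return value. Consider returning a negative errno from __decode_base64() when url is true and a character is outside the alphabet, so that callers can distinguish truncated output from a full decode.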
@@ -119,6 +149,7 @@ int decode_base64(char *p_dst, int dst_len, const char *src)
 			six_bit[count] = ch;
 			count++;
 		}
+out:
 
 		/*
 		 * Transform 6-bit values to 8-bit ones.
@@ -151,4 +182,23 @@ int decode_base64(char *p_dst, int dst_len, const char *src)
 
 	return length;
 }
+
+/*
+ * Decode base64 encoded string. Stops on '\0'.
+ *
+ */
+int decode_base64(char *p_dst, int dst_len, const char *src)
+{
+	return __decode_base64(p_dst, dst_len, src, false);
+}
 EXPORT_SYMBOL(decode_base64);
+
+/*
+ * Decode base64url encoded string. Stops on '\0'.
+ *
+ */
+int decode_base64url(char *p_dst, int dst_len, const char *src)
+{
+	return __decode_base64(p_dst, dst_len, src, true);
+}
+EXPORT_SYMBOL(decode_base64url);
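Review bot: the comment above decode_base64url() is a copy of the decode_base64() one and documents none of the url-specific behaviour. It should state that padding is optional, that decoding ends at the first character outside the base64url alphabet instead of skipping it, and what the int return value means in that case. This matters because src has no length parameter, so a caller decoding one segment of a longer string depends on exactly that stop condition.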
-- 
2.39.2
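The four base64url differences listed in the commit message above, written out as a stand-alone strict decoder. This is an added example, not code from the patch or from barebox; the names `b64url_value` and `b64url_decode_strict` are hypothetical. Unlike the patch's decoder it takes an explicit source length and returns -1 on any bad input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Map one character to its 6-bit value, or -1 if it is not part of the
 * URL-safe alphabet. '+' and '/' from standard base64 are invalid here.
 */
static int b64url_value(char c)
{
	if (c >= 'A' && c <= 'Z')
		return c - 'A';
	if (c >= 'a' && c <= 'z')
		return c - 'a' + 26;
	if (c >= '0' && c <= '9')
		return c - '0' + 52;
	if (c == '-')
		return 62;
	if (c == '_')
		return 63;
	return -1;
}

/*
 * Decode src_len characters of base64url into dst (capacity dst_len).
 * Returns the number of bytes written, or -1 on an invalid character,
 * an impossible length, misplaced padding, non-zero trailing bits or a
 * destination buffer that is too small.
 */
static int b64url_decode_strict(unsigned char *dst, size_t dst_len,
				const char *src, size_t src_len)
{
	size_t n = src_len, out = 0, i;
	unsigned int acc = 0;
	int bits = 0;

	/* Padding is optional: strip at most two trailing '=' ... */
	while (n > 0 && src_len - n < 2 && src[n - 1] == '=')
		n--;
	/* ... but if present it must complete a four-character group. */
	if (n != src_len && src_len % 4 != 0)
		return -1;
	/* A single leftover character carries only 6 bits: never valid. */
	if (n % 4 == 1)
		return -1;

	for (i = 0; i < n; i++) {
		int v = b64url_value(src[i]);

		if (v < 0)
			return -1;	/* reject instead of skipping */
		acc = (acc << 6) | (unsigned int)v;
		bits += 6;
		if (bits >= 8) {
			bits -= 8;
			if (out >= dst_len)
				return -1;
			dst[out++] = (acc >> bits) & 0xff;
		}
	}

	/* The 0, 2 or 4 bits left over must be zero in a canonical encoding. */
	if (acc & ((1u << bits) - 1))
		return -1;

	return (int)out;
}

int main(void)
{
	/* Header segment of the RS256 token used in the series' selftest. */
	const char *hdr = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9";
	unsigned char buf[64];
	int len = b64url_decode_strict(buf, sizeof(buf), hdr, strlen(hdr));

	if (len < 0)
		return 1;
	printf("%.*s\n", len, (const char *)buf);
	return 0;
}
```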





* [PATCH 2/3] crypto: add JSON Web Token (JWT) support
  2023-10-23 14:31 [PATCH 0/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
  2023-10-23 14:31 ` [PATCH 1/3] lib: base64: add support for base64url Ahmad Fatoum
@ 2023-10-23 14:31 ` Ahmad Fatoum
  2023-11-01  9:13   ` Sascha Hauer
  2023-10-23 14:31 ` [PATCH 3/3] test: self: add JSON Web Token tests Ahmad Fatoum
  2023-11-01  9:10 ` [PATCH 0/3] crypto: add JSON Web Token (JWT) support Sascha Hauer
  3 siblings, 1 reply; 8+ messages in thread
From: Ahmad Fatoum @ 2023-10-23 14:31 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

JSON Web Token is a proposed Internet standard for creating tokens with
optional signature and/or optional encryption whose payload holds JSON that
asserts some number of claims. The tokens are signed either using a private
secret or a public/private key.

In the context of barebox, a JSON Web Token can be used as an unlock token
for a system: By default, the system would be locked and only boot
signed payloads, but when a valid unlock token is provided, board code
can selectively allow access to disallowed features, such as booting
unsigned payloads or providing access to the console and shell.

This commit adds first support for JSON Web Tokens on top of the already
existing JSON support. RS256 is the only currently supported format, but
more may be added in future.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 crypto/Kconfig       |   6 ++
 crypto/Makefile      |   2 +
 crypto/jwt.c         | 241 +++++++++++++++++++++++++++++++++++++++++++
 include/crypto/jwt.h |  55 ++++++++++
 4 files changed, 304 insertions(+)
 create mode 100644 crypto/jwt.c
 create mode 100644 include/crypto/jwt.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 4ad7bd844fa1..d1360a2101b3 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -147,4 +147,10 @@ config CRYPTO_KEYSTORE
 	  This is a simple keystore, which can be used to pass keys
 	  between several components via simple interface.
 
+config JWT
+	bool "JSON Web Token support" if COMPILE_TEST
+	select JSMN
+	select BASE64
+	select CRYPTO_RSA
+
 endmenu
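Review bot: config JWT selects JSMN, BASE64 and CRYPTO_RSA but no digest, while crypto/jwt.c obtains its hash through digest_alloc_by_algo() and returns -ENOSYS when none is available. Unless CRYPTO_RSA already pulls in a SHA-256 implementation, JWT can be enabled in a configuration where every RS256 token is rejected at runtime; selecting the needed digest here would turn that into a build-time guarantee. A short help text would also be useful, given that the option is meant to back an unlock mechanism.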
diff --git a/crypto/Makefile b/crypto/Makefile
index 4a1c7e9615b8..cf041dd6b3ed 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -19,6 +19,8 @@ obj-$(CONFIG_CRYPTO_PBKDF2)	+= pbkdf2.o
 obj-$(CONFIG_CRYPTO_RSA)	+= rsa.o
 obj-$(CONFIG_CRYPTO_KEYSTORE)	+= keystore.o
 
+obj-$(CONFIG_JWT)		+= jwt.o
+
 extra-$(CONFIG_CRYPTO_RSA_BUILTIN_KEYS) += rsa-keys.h
 
 ifdef CONFIG_CRYPTO_RSA_BUILTIN_KEYS
diff --git a/crypto/jwt.c b/crypto/jwt.c
new file mode 100644
index 000000000000..146ddeff1e8b
--- /dev/null
+++ b/crypto/jwt.c
@@ -0,0 +1,241 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#define pr_fmt(fmt) "jwt: " fmt
+
+#include <crypto/jwt.h>
+#include <rsa.h>
+#include <errno.h>
+#include <linux/printk.h>
+#include <base64.h>
+#include <jsmn.h>
+#include <linux/ctype.h>
+
+#define JP(...)	(const char *[]) { __VA_ARGS__, NULL }
+
+static enum hash_algo digest_algo_by_jwt_alg(enum jwt_alg alg)
+{
+	switch (alg) {
+		case JWT_ALG_RS256:
+			return HASH_ALGO_SHA256;
+		case JWT_ALG_RS384:
+			return HASH_ALGO_SHA384;
+		case JWT_ALG_RS512:
+			return HASH_ALGO_SHA512;
+		default:
+			BUG();
+	}
+}
+
+static u8 *do_hash(const u8 *buf, size_t len, enum hash_algo algo)
+{
+	struct digest *digest;
+	int ret = 0;
+	u8 *hash;
+
+	digest = digest_alloc_by_algo(algo);
+	if (!digest) {
+		pr_err("signature algorithm not supported\n");
+		return ERR_PTR(-ENOSYS);
+	}
+
+	hash = xzalloc(digest_length(digest));
+	ret = digest_digest(digest, buf, len, hash);
+	digest_free(digest);
+
+	if (ret) {
+		free(hash);
+		return ERR_PTR(ret);
+	}
+
+	return hash;
+}
+
+static int jwt_part_parse(struct jwt_part *part, const char *content, size_t len)
+{
+	size_t decoded_len;
+
+	part->content = xmalloc(len);
+	decoded_len = decode_base64url(part->content, len, content);
+	part->content[decoded_len] = '\0';
+	part->tokens = jsmn_parse_alloc(part->content, decoded_len, &part->token_count);
+	if (!part->tokens) {
+		free(part->content);
+		return -EILSEQ;
+	}
+
+	return 0;
+}
+
+static void jwt_part_free(struct jwt_part *part)
+{
+	free(part->tokens);
+	free(part->content);
+}
+
+static const char *jwt_alg_names[] = {
+	[JWT_ALG_NONE]   = "none",
+	[JWT_ALG_HS256]  = "HS256",
+	[JWT_ALG_HS384]  = "HS384",
+	[JWT_ALG_HS512]  = "HS512",
+	[JWT_ALG_PS256]  = "PS256",
+	[JWT_ALG_PS384]  = "PS384",
+	[JWT_ALG_PS512]  = "PS512",
+	[JWT_ALG_RS256]  = "RS256",
+	[JWT_ALG_RS384]  = "RS384",
+	[JWT_ALG_RS512]  = "RS512",
+	[JWT_ALG_ES256]  = "ES256",
+	[JWT_ALG_ES256K] = "ES256K",
+	[JWT_ALG_ES384]  = "ES384",
+	[JWT_ALG_ES512]  = "ES512",
+	[JWT_ALG_EDDSA]  = "EDDSA",
+};
+
+static bool jwt_header_ok(struct jwt *jwt, enum jwt_alg alg)
+{
+	struct jwt_part *header = &jwt->header;
+	const jsmntok_t *token;
+
+	token = jsmn_locate(JP("typ"), header->content, header->tokens);
+	if (!token)
+		return false;
+
+	if (!jsmn_strcase_eq("JWT", header->content, token))
+		return false;
+
+	if (alg >= ARRAY_SIZE(jwt_alg_names))
+		return false;
+
+	token = jsmn_locate(JP("alg"), header->content, header->tokens);
+	if (!token)
+		return false;
+
+	return jsmn_strcase_eq(jwt_alg_names[alg], header->content, token);
+}
+
+void jwt_free(struct jwt *jwt)
+{
+	jwt_part_free(&jwt->payload);
+	jwt_part_free(&jwt->header);
+	free(jwt);
+}
+
+const char *jwt_split(const char *token,
+		      const char **payload, const char **signature, const char **end)
+{
+	const char *p, *p_end;
+
+	token = skip_spaces(token);
+
+	p = strchr(token, '.');
+	if (!p)
+		return ERR_PTR(-EINVAL);
+	if (payload)
+		*payload = ++p;
+
+	p = strchr(p, '.');
+	if (!p)
+		return ERR_PTR(-EINVAL);
+	if (signature)
+		*signature = ++p;
+
+	/* seek to first space or '\0' */
+	for (p_end = p; *p_end && !isspace(*p_end); p_end++)
+		;
+
+	/* ensure the trailing spaces aren't followed by anything */
+	if (*skip_spaces(p_end) != '\0')
+		return ERR_PTR(-EINVAL);
+
+	*end = p_end;
+
+	return token;
+}
+
+struct jwt *jwt_decode(const char *token, const struct jwt_key *key)
+{
+	const char *alg_name = jwt_alg_names[key->alg];
+	enum hash_algo hash_algo;
+	const char *payload, *signature, *end;
+	u8 *sigbin;
+	size_t sig_len, sigbin_len;
+	struct jwt *jwt;
+	u8 *hash;
+	int ret;
+
+	token = jwt_split(token, &payload, &signature, &end);
+	if (IS_ERR(token))
+		return ERR_CAST(token);
+
+	sig_len = end - signature;
+
+	switch (key->alg) {
+	case JWT_ALG_RS256:
+	case JWT_ALG_RS384:
+	case JWT_ALG_RS512:
+		if (sig_len == 0)
+			return ERR_PTR(-EILSEQ);
+
+		sigbin = xzalloc(sig_len);
+		sigbin_len = decode_base64url(sigbin, sig_len, signature);
+
+		hash_algo = digest_algo_by_jwt_alg(key->alg);
+		hash = do_hash(token, signature - token - 1, hash_algo);
+		if (IS_ERR(hash)) {
+			free(sigbin);
+			return ERR_CAST(hash);
+		}
+
+		ret = rsa_verify(key->material.rsa_pub, sigbin, sigbin_len, hash,
+				 hash_algo);
+		free(hash);
+		free(sigbin);
+		if (ret < 0) {
+			pr_debug("%s signature does not match: %pe\n",
+				 alg_name, ERR_PTR(ret));
+			return ERR_PTR(ret);
+		}
+
+		break;
+	default:
+		return ERR_PTR(-ENOSYS);
+	}
+
+	pr_debug("verification for algo %s ok\n", alg_name);
+
+	jwt = xzalloc(sizeof(*jwt));
+
+	ret = jwt_part_parse(&jwt->header, token, payload - token - 1);
+	if (ret || !jwt_header_ok(jwt, key->alg)) {
+		ret = ret ?: -EINVAL;
+		pr_debug("failed to parse header: %pe\n", ERR_PTR(ret));
+		goto err;
+	}
+
+	ret = jwt_part_parse(&jwt->payload, payload, signature - payload - 1);
+	if (ret) {
+		ret = ret ?: -EINVAL;
+		pr_debug("failed to parse payload: %pe\n", ERR_PTR(ret));
+		goto err;
+	}
+
+	return jwt;
+
+err:
+	jwt_free(jwt);
+	return ERR_PTR(ret);
+}
+
+const char *jwt_get_payload(const struct jwt *t)
+{
+	return t->payload.content;
+}
+
+const jsmntok_t *jwt_get_claim(const struct jwt *t, const char *claim)
+{
+	return jsmn_locate(JP(claim), t->payload.content, t->payload.tokens);
+}
+
+char *jwt_get_claim_str(const struct jwt *t, const char *claim)
+{
+	return jsmn_strdup(JP(claim), t->payload.content, t->payload.tokens);
+}
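Review bot: jwt_part_parse() allocates exactly len bytes with xmalloc(len) and then writes part->content[decoded_len] = '\0', which is only in bounds if the decoder always produces fewer than len bytes; for an empty segment (len == 0, for example a token with nothing between its two dots) the terminator lands past a zero-sized allocation. Allocating len + 1 and rejecting len == 0 up front would remove the dependency on decoder behaviour. Two smaller points in the same file: jwt_split() NULL-checks payload and signature but dereferences end unconditionally at `*end = p_end;`, and jwt_decode() indexes jwt_alg_names[key->alg] in its first declaration, before anything has bounds-checked key->alg (jwt_header_ok() does so only later).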
diff --git a/include/crypto/jwt.h b/include/crypto/jwt.h
new file mode 100644
index 000000000000..4e20b5950e69
--- /dev/null
+++ b/include/crypto/jwt.h
@@ -0,0 +1,55 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __JWT_H_
+#define __JWT_H_
+
+#include <linux/types.h>
+#include <jsmn.h>
+
+enum jwt_alg {
+	JWT_ALG_NONE,
+	JWT_ALG_HS256,
+	JWT_ALG_HS384,
+	JWT_ALG_HS512,
+	JWT_ALG_PS256,
+	JWT_ALG_PS384,
+	JWT_ALG_PS512,
+	JWT_ALG_RS256, /* supported */
+	JWT_ALG_RS384, /* supported */
+	JWT_ALG_RS512, /* supported */
+	JWT_ALG_ES256,
+	JWT_ALG_ES256K,
+	JWT_ALG_ES384,
+	JWT_ALG_ES512,
+	JWT_ALG_EDDSA,
+};
+
+struct jwt_key {
+	enum jwt_alg alg;
+	union {
+		const struct rsa_public_key *rsa_pub;
+	} material;
+};
+
+struct jwt_part {
+	char *content;
+	int token_count;
+	jsmntok_t *tokens;
+};
+
+struct jwt {
+	struct jwt_part header;
+	struct jwt_part payload;
+};
+
+const char *jwt_split(const char *token,
+		      const char **payload, const char **signature, const char **end);
+
+struct jwt *jwt_decode(const char *token, const struct jwt_key *key);
+void jwt_free(struct jwt *jwt);
+
+const char *jwt_get_payload(const struct jwt *t);
+
+const jsmntok_t *jwt_get_claim(const struct jwt *t, const char *claim);
+char *jwt_get_claim_str(const struct jwt *t, const char *claim);
+
+#endif
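Review bot: none of the exported functions are documented, and for jwt_decode() the contract matters: it returns an ERR_PTR rather than NULL on failure, the result has to be released with jwt_free(), and nothing in crypto/jwt.c looks at time-based claims, so board code that wants expiry has to check it itself through jwt_get_claim(). A kernel-doc block stating this would keep a caller from testing the result with a plain NULL check. Also, the enum marks RS384 and RS512 as supported while the commit message says RS256 is the only currently supported format; one of the two should be adjusted.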
-- 
2.39.2





* [PATCH 3/3] test: self: add JSON Web Token tests
  2023-10-23 14:31 [PATCH 0/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
  2023-10-23 14:31 ` [PATCH 1/3] lib: base64: add support for base64url Ahmad Fatoum
  2023-10-23 14:31 ` [PATCH 2/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
@ 2023-10-23 14:31 ` Ahmad Fatoum
  2023-11-02  7:20   ` Sascha Hauer
  2023-11-01  9:10 ` [PATCH 0/3] crypto: add JSON Web Token (JWT) support Sascha Hauer
  3 siblings, 1 reply; 8+ messages in thread
From: Ahmad Fatoum @ 2023-10-23 14:31 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

This simple test decodes a JSON Web Token after verifying it and asserts
that the claims contained inside are as expected.

The RSA public key is the one used by https://jwt.io/ by default,
thus allowing easy experimentation. For future extensibility of the
tests, the private key is appended, but is not currently used.

As rsatoc has a build-time openssl dependency, which would complicate
running the test suite everywhere, we ship a precompiled C file.

To regenerate, REGENERATE_RSATOC can be specified as build argument.
The reason we don't use the standard make mechanism of file timestamps
is that after a git checkout, we aren't guaranteed that the shipped file
will be newer than the pem file, which renders the mechanism useless for
allowing users to build all unit tests without OpenSSL.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 test/self/Kconfig                |   7 ++
 test/self/Makefile               |  11 ++-
 test/self/jwt.c                  | 157 +++++++++++++++++++++++++++++++
 test/self/jwt_test.pem           |  37 ++++++++
 test/self/jwt_test.pem.c_shipped |  49 ++++++++++
 5 files changed, 260 insertions(+), 1 deletion(-)
 create mode 100644 test/self/jwt.c
 create mode 100644 test/self/jwt_test.pem
 create mode 100644 test/self/jwt_test.pem.c_shipped

diff --git a/test/self/Kconfig b/test/self/Kconfig
index e7da07491a91..5850dc95973b 100644
--- a/test/self/Kconfig
+++ b/test/self/Kconfig
@@ -36,12 +36,15 @@ config SELFTEST_ENABLE_ALL
 	select SELFTEST_FS_RAMFS if FS_RAMFS
 	select SELFTEST_TFTP if FS_TFTP
 	select SELFTEST_JSON if JSMN
+	select SELFTEST_JWT if JWT
 	select SELFTEST_DIGEST if DIGEST
 	select SELFTEST_MMU if MMU
 	select SELFTEST_STRING
 	select SELFTEST_SETJMP if ARCH_HAS_SJLJ
 	select SELFTEST_REGULATOR if REGULATOR && OFDEVICE
 	select SELFTEST_TEST_COMMAND if CMD_TEST
+	help
+	  Selects all self-tests compatible with current configuration
 
 config SELFTEST_MALLOC
 	bool "malloc() selftest"
@@ -73,6 +76,10 @@ config SELFTEST_JSON
 	bool "JSON selftest"
 	depends on JSMN
 
+config SELFTEST_JWT
+	bool "JSON Web Token selftest"
+	depends on JWT
+
 config SELFTEST_MMU
 	bool "MMU remapping selftest"
 	select MEMTEST
diff --git a/test/self/Makefile b/test/self/Makefile
index 8168abf26278..24e78a186513 100644
--- a/test/self/Makefile
+++ b/test/self/Makefile
@@ -9,6 +9,7 @@ obj-$(CONFIG_SELFTEST_OF_MANIPULATION) += of_manipulation.o of_manipulation.dtb.
 obj-$(CONFIG_SELFTEST_ENVIRONMENT_VARIABLES) += envvar.o
 obj-$(CONFIG_SELFTEST_FS_RAMFS) += ramfs.o
 obj-$(CONFIG_SELFTEST_JSON) += json.o
+obj-$(CONFIG_SELFTEST_JWT) += jwt.o jwt_test.pem.o
 obj-$(CONFIG_SELFTEST_DIGEST) += digest.o
 obj-$(CONFIG_SELFTEST_MMU) += mmu.o
 obj-$(CONFIG_SELFTEST_STRING) += string.o
@@ -16,5 +17,13 @@ obj-$(CONFIG_SELFTEST_SETJMP) += setjmp.o
 obj-$(CONFIG_SELFTEST_REGULATOR) += regulator.o test_regulator.dtbo.o
 obj-$(CONFIG_SELFTEST_TEST_COMMAND) += test_command.o
 
-clean-files := *.dtb *.dtb.S .*.dtc .*.pre .*.dts *.dtb.z
+ifdef REGENERATE_RSATOC
+
+$(obj)/jwt_test.pem.c_shipped: $(src)/jwt_test.pem FORCE
+	$(call if_changed,rsa_keys,$(basename $(target-stem)):$<,-s)
+
+endif
+
+clean-files := *.dtb *.dtb.S .*.dtc .*.pre .*.dts *.dtb.z *
 clean-files += *.dtbo *.dtbo.S .*.dtso
+clean-files += *.pem.c
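Review bot: the rewritten clean-files line ends in a stray ` *` (`*.dtb.z *`), which makes the clean pattern match every file in the directory being cleaned. It looks like a leftover from editing; drop it, since `*.pem.c` is already added on its own line below. The REGENERATE_RSATOC rule would also benefit from a comment explaining why timestamps are not used, as the commit message does.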
diff --git a/test/self/jwt.c b/test/self/jwt.c
new file mode 100644
index 000000000000..f37b44be22b8
--- /dev/null
+++ b/test/self/jwt.c
@@ -0,0 +1,157 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <common.h>
+#include <rsa.h>
+#include <bselftest.h>
+#include <crypto/jwt.h>
+#include <console.h>
+
+BSELFTEST_GLOBALS();
+
+static const jsmntok_t *check_token(const jsmntok_t *token,
+				    const char *claim,
+				    const char *payload,
+				    jsmntype_t expected_type,
+				    const char *expected_value)
+{
+	total_tests++;
+
+	if (token->type != expected_type) {
+		failed_tests++;
+		printf("claim %s has type mismatch: got %d, but %d expected\n",
+		       claim, token->type, expected_type);
+		return NULL;
+	}
+
+	total_tests++;
+
+	if (!jsmn_eq(expected_value, payload, token)) {
+		failed_tests++;
+		printf("claim %s: value has mismatch: got %.*s, but %s expected\n",
+		       claim, (int)(token->end - token->start),
+		       &payload[token->start], expected_value);
+		return NULL;
+	}
+
+	return token;
+}
+
+static const jsmntok_t *jwt_check_claim(const struct jwt *jwt,
+					const char *claim,
+					jsmntype_t expected_type,
+					const char *expected_value)
+{
+	const jsmntok_t *token;
+
+	total_tests++;
+
+	token = jwt_get_claim(jwt, claim);
+	if (!token) {
+		failed_tests++;
+		printf("claim %s couldn't be located\n", claim);
+		return NULL;
+	}
+
+	return check_token(token, claim, jwt_get_payload(jwt),
+			   expected_type, expected_value);
+}
+
+static const char jwt_rs256[] =
+	"  eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9."
+	"eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0."
+	"NHVaYe26MbtOYhSKkoKYdFVomg4i8ZJd8_-RU8VNbftc4TSMb4bXP3l3YlNWACwyXPGf"
+	"fz5aXHc6lty1Y2t4SWRqGteragsVdZufDn5BlnJl9pdR_kdVFUsra2rWKEofkZeIC4yW"
+	"ytE58sMIihvo9H1ScmmVwBcQP6XETqYd0aSHp1gOa9RdUPDvoXQ5oqygTqVtxaDr6wUF"
+	"KrKItgBMzWIdNZ6y7O9E0DhEPTbE9rfBo6KTFsHAZnMg4k68CDp2woYIaXbmYTWcvbzI"
+	"uHO7_37GT79XdIwkm95QJ7hYC9RiwrV7mesbY4PAahERJawntho0my942XheVLmGwLMBkQ\n \n";
+
+static void test_jwt(void)
+{
+	char *jwt_rs256_mangled, *ch;
+	struct jwt_key jwt_key;
+	struct jwt *jwt;
+	extern const struct rsa_public_key __key_jwt_test;
+	int old_loglevel;
+
+	jwt_key.alg = JWT_ALG_RS256;
+	jwt_key.material.rsa_pub = &__key_jwt_test;
+	total_tests++;
+
+	jwt = jwt_decode(jwt_rs256, &jwt_key);
+	if (IS_ERR(jwt)) {
+		printf("failed to parse jwt\n");
+		failed_tests++;
+	} else {
+		jwt_check_claim(jwt, "sub", JSMN_STRING, "1234567890");
+		jwt_check_claim(jwt, "name", JSMN_STRING, "John Doe");
+		jwt_check_claim(jwt, "admin", JSMN_PRIMITIVE, "true");
+		jwt_check_claim(jwt, "iat", JSMN_PRIMITIVE, "1516239022");
+
+		jwt_free(jwt);
+	}
+
+	/*
+	 * Following tests intentionally fail and JWT failures are intentionally
+	 * noisy, so we decrease logging a bit during their run
+	 */
+
+	old_loglevel = barebox_loglevel;
+	barebox_loglevel = MSG_CRIT;
+
+	jwt_rs256_mangled = strdup(jwt_rs256);
+	ch = &jwt_rs256_mangled[strlen(jwt_rs256_mangled) - 1];
+	*ch = *ch == '_' ? '-' : '_';
+
+	total_tests++;
+
+	jwt = jwt_decode(jwt_rs256_mangled, &jwt_key);
+	if (!IS_ERR(jwt)) {
+		printf("%s:%d expected JWT verification to fail\n", __func__, __LINE__);
+		failed_tests++;
+		jwt_free(jwt);
+	}
+
+	free(jwt_rs256_mangled);
+
+	jwt_rs256_mangled = strdup(jwt_rs256);
+	ch = &jwt_rs256_mangled[0];
+	*ch = *ch == '_' ? '-' : '_';
+
+	total_tests++;
+
+	jwt = jwt_decode(jwt_rs256_mangled, &jwt_key);
+	if (!IS_ERR(jwt)) {
+		printf("%s:%d expected JWT verification to fail\n", __func__, __LINE__);
+		failed_tests++;
+		jwt_free(jwt);
+	}
+
+	free(jwt_rs256_mangled);
+
+	total_tests++;
+
+	jwt_key.alg = JWT_ALG_RS384;
+
+	jwt = jwt_decode(jwt_rs256, &jwt_key);
+	if (!IS_ERR(jwt)) {
+		printf("%s:%d expected JWT verification to fail\n", __func__, __LINE__);
+		failed_tests++;
+		jwt_free(jwt);
+	}
+
+	total_tests++;
+
+	jwt_key.alg = JWT_ALG_NONE;
+
+	jwt = jwt_decode(jwt_rs256, &jwt_key);
+	if (!IS_ERR(jwt)) {
+		printf("%s:%d expected JWT verification to fail\n", __func__, __LINE__);
+		failed_tests++;
+		jwt_free(jwt);
+	}
+
+	barebox_loglevel = old_loglevel;
+}
+bselftest(parser, test_jwt);
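Review bot: the first mangled case does not corrupt the signature. jwt_rs256 ends in "\n \n", so `&jwt_rs256_mangled[strlen(jwt_rs256_mangled) - 1]` points at the final newline, and turning it into '_' makes jwt_split() fail on trailing garbage before rsa_verify() is reached. Likewise, index 0 is a leading space, not a header character. Because every negative case only checks !IS_ERR(jwt), the test passes whichever check rejects the token; flipping a character inside the signature and header segments (jwt_split() returns their offsets) and comparing PTR_ERR() against the expected code would pin down that verification itself fails. The strdup() results are also used unchecked.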
diff --git a/test/self/jwt_test.pem b/test/self/jwt_test.pem
new file mode 100644
index 000000000000..349a5b6a47f0
--- /dev/null
+++ b/test/self/jwt_test.pem
@@ -0,0 +1,37 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
+4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
++qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
+kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
+0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
+cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
+mwIDAQAB
+-----END PUBLIC KEY-----
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
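Review bot: this file adds a private key to the tree that, per the commit message, nothing uses yet. Since the key pair is the publicly known jwt.io default, anyone can sign tokens that verify against __key_jwt_test; the SELFTEST_JWT help text or a comment next to the key should state that it is for the selftest only and must never serve as a board's unlock key. Dropping the private half until a test needs it would also keep secret scanners quiet.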
diff --git a/test/self/jwt_test.pem.c_shipped b/test/self/jwt_test.pem.c_shipped
new file mode 100644
index 000000000000..2142ae15dfb6
--- /dev/null
+++ b/test/self/jwt_test.pem.c_shipped
@@ -0,0 +1,49 @@
+#include <rsa.h>
+
+static uint32_t jwt_test_modulus[] = {
+	0x5df6dc9b, 0xdc2256e3, 0xa786531a, 0x00012002,
+	0x231a85db, 0xe95fe2b1, 0xd68d022d, 0x5df86ca7,
+	0x2fbd6865, 0x559e1658, 0x4fd9d3f0, 0xa5938e90,
+	0x22476070, 0x39516551, 0xf5c5c34d, 0x5c5834c7,
+	0x71340c31, 0x483094bf, 0x75988a46, 0xf78efade,
+	0x6eb855ff, 0xbb6ebd57, 0xb40d14d7, 0x24fdc024,
+	0xca4909d2, 0x4960a763, 0x8c37c7e5, 0x166c59ce,
+	0x84f00900, 0x1433b956, 0xf73fb8d1, 0xd5923468,
+	0x64e0d272, 0x0cbe4069, 0x25bd6fd5, 0xddeaa861,
+	0x7327a191, 0xe259aa0b, 0x63208519, 0xcec92e7a,
+	0x0f2cf822, 0xd15ccc69, 0x2f1a12da, 0x209d3c4a,
+	0x6664a75f, 0xb3e6cc63, 0x9f06cb48, 0xa2a16f02,
+	0x127e6efa, 0x4bee34ca, 0xb424ae60, 0x5bbc9647,
+	0xead3f233, 0x89cb467a, 0x5532f0ee, 0x2dd20ba7,
+	0x357a7df0, 0x46078b7b, 0xf3366d2d, 0x580e11e3,
+	0x1f6328e2, 0xc2a33331, 0xb7d52cf1, 0xbb5494d4,
+};
+
+static uint32_t jwt_test_rr[] = {
+	0xec4954b7, 0x61f69199, 0x9e489481, 0x14f25ec8,
+	0x712de1ab, 0x9c4ed93b, 0xcff16ec3, 0xb6e0c808,
+	0x56551022, 0x1206f0dc, 0x72051e96, 0x6ab07919,
+	0x8d29bea3, 0xa2a79109, 0x18a5e53d, 0x0a1ed2ae,
+	0xae6544f4, 0x5fb16424, 0x5253250c, 0x3fc04654,
+	0x9b9a3028, 0xf7219ed8, 0x8f9a7d60, 0x1020027e,
+	0xa7bb0182, 0xca68b839, 0x86a507ca, 0x725d9efb,
+	0xf43e09cd, 0xd373027e, 0x6c22f55c, 0x074bee70,
+	0x49525052, 0x0506900e, 0xf51bde0d, 0xc8f82c0e,
+	0x4a00d71e, 0x0a517ae2, 0x616e76fb, 0xb17b75d0,
+	0x4bfcbb90, 0x3efd07cf, 0xaf30c7cb, 0xa18dee7f,
+	0x02ed9615, 0x9185d985, 0x630a209e, 0xef23435c,
+	0x46277653, 0x57d47ec5, 0x86e58fcf, 0x8f0ebe09,
+	0x3b26c77e, 0xa3ef370d, 0xf83df63e, 0xa30a742e,
+	0x49c2fb64, 0xea9fbed9, 0xb7471da7, 0x7a411345,
+	0x303732ed, 0x6660f318, 0xe3a7df4c, 0x6a784bd5,
+};
+
+struct rsa_public_key __key_jwt_test;
+struct rsa_public_key __key_jwt_test = {
+	.len = 64,
+	.n0inv = 0x17d8566d,
+	.modulus = jwt_test_modulus,
+	.rr = jwt_test_rr,
+	.exponent = 0x10001,
+	.key_name_hint = "jwt_test",
+};
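Review bot: __key_jwt_test is defined here without const, but test/self/jwt.c declares it as `extern const struct rsa_public_key __key_jwt_test;`. The two should agree: either make the generated definition (and the modulus and rr arrays) const in rsatoc's output, or move the extern declaration into a shared header so the compiler can catch the mismatch. The function-local extern in test_jwt() hides it today.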
-- 
2.39.2





* Re: [PATCH 0/3] crypto: add JSON Web Token (JWT) support
  2023-10-23 14:31 [PATCH 0/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
                   ` (2 preceding siblings ...)
  2023-10-23 14:31 ` [PATCH 3/3] test: self: add JSON Web Token tests Ahmad Fatoum
@ 2023-11-01  9:10 ` Sascha Hauer
  3 siblings, 0 replies; 8+ messages in thread
From: Sascha Hauer @ 2023-11-01  9:10 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: barebox

On Mon, Oct 23, 2023 at 04:31:20PM +0200, Ahmad Fatoum wrote:
> JSON Web Token is a proposed Internet standard for creating tokens with
> optional signature and/or optional encryption whose payload holds JSON that
> asserts some number of claims. The tokens are signed either using a private
> secret or a public/private key.
> 
> In the context of barebox, a JSON Web Token can be used as an unlock token
> for a system: By default, the system would be locked and only boot
> signed payloads, but when a valid unlock token is provided, board code
> can selectively allow access to disallowed features, such as booting
> unsigned payloads or providing access to the console and shell.
> 
> This series adds first support for JSON Web Tokens on top of the already
> existing JSON support. RS256 is the only currently supported format, but
> more may be added in future. In lieu of upstreaming board code making
> use of this, a selftest is added that decodes a JSON Web Token after
> verifying it and asserts that the claims contained inside are as expected.
> 
> Ahmad Fatoum (3):
>   lib: base64: add support for base64url
>   crypto: add JSON Web Token (JWT) support
>   test: self: add JSON Web Token tests
> 
>  crypto/Kconfig                   |   6 +
>  crypto/Makefile                  |   2 +
>  crypto/jwt.c                     | 241 +++++++++++++++++++++++++++++++
>  include/base64.h                 |   1 +
>  include/crypto/jwt.h             |  55 +++++++
>  lib/base64.c                     |  60 +++++++-
>  test/self/Kconfig                |   7 +
>  test/self/Makefile               |  11 +-
>  test/self/jwt.c                  | 157 ++++++++++++++++++++
>  test/self/jwt_test.pem           |  37 +++++
>  test/self/jwt_test.pem.c_shipped |  49 +++++++
>  11 files changed, 620 insertions(+), 6 deletions(-)
>  create mode 100644 crypto/jwt.c
>  create mode 100644 include/crypto/jwt.h
>  create mode 100644 test/self/jwt.c
>  create mode 100644 test/self/jwt_test.pem
>  create mode 100644 test/self/jwt_test.pem.c_shipped

Applied, thanks

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |




* Re: [PATCH 2/3] crypto: add JSON Web Token (JWT) support
  2023-10-23 14:31 ` [PATCH 2/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
@ 2023-11-01  9:13   ` Sascha Hauer
  0 siblings, 0 replies; 8+ messages in thread
From: Sascha Hauer @ 2023-11-01  9:13 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: barebox

On Mon, Oct 23, 2023 at 04:31:22PM +0200, Ahmad Fatoum wrote:
> diff --git a/crypto/jwt.c b/crypto/jwt.c
> new file mode 100644
> index 000000000000..146ddeff1e8b
> --- /dev/null
> +++ b/crypto/jwt.c
> +struct jwt *jwt_decode(const char *token, const struct jwt_key *key)
> +{
> +	const char *alg_name = jwt_alg_names[key->alg];
> +	enum hash_algo hash_algo;
> +	const char *payload, *signature, *end;
> +	u8 *sigbin;
> +	size_t sig_len, sigbin_len;
> +	struct jwt *jwt;
> +	u8 *hash;
> +	int ret;
> +
> +	token = jwt_split(token, &payload, &signature, &end);
> +	if (IS_ERR(token))
> +		return ERR_CAST(token);
> +
> +	sig_len = end - signature;
> +
> +	switch (key->alg) {
> +	case JWT_ALG_RS256:
> +	case JWT_ALG_RS384:
> +	case JWT_ALG_RS512:
> +		if (sig_len == 0)
> +			return ERR_PTR(-EILSEQ);
> +
> +		sigbin = xzalloc(sig_len);
> +		sigbin_len = decode_base64url(sigbin, sig_len, signature);
> +
> +		hash_algo = digest_algo_by_jwt_alg(key->alg);
> +		hash = do_hash(token, signature - token - 1, hash_algo);
> +		if (IS_ERR(hash)) {
> +			free(sigbin);
> +			return ERR_CAST(hash);
> +		}
> +
> +		ret = rsa_verify(key->material.rsa_pub, sigbin, sigbin_len, hash,
> +				 hash_algo);
> +		free(hash);
> +		free(sigbin);
> +		if (ret < 0) {
> +			pr_debug("%s signature does not match: %pe\n",
> +				 alg_name, ERR_PTR(ret));
> +			return ERR_PTR(ret);
> +		}
> +
> +		break;
> +	default:
> +		return ERR_PTR(-ENOSYS);
> +	}
> +
> +	pr_debug("verification for algo %s ok\n", alg_name);
> +
> +	jwt = xzalloc(sizeof(*jwt));
> +
> +	ret = jwt_part_parse(&jwt->header, token, payload - token - 1);
> +	if (ret || !jwt_header_ok(jwt, key->alg)) {
> +		ret = ret ?: -EINVAL;
> +		pr_debug("failed to parse header: %pe\n", ERR_PTR(ret));
> +		goto err;
> +	}
> +
> +	ret = jwt_part_parse(&jwt->payload, payload, signature - payload - 1);
> +	if (ret) {
> +		ret = ret ?: -EINVAL;
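
Review bot: `alg_name` is initialised from `jwt_alg_names[key->alg]` in the declarations at the top of `jwt_decode()`, before `switch (key->alg)` gets the chance to reject an unsupported value with -ENOSYS, so an out-of-range `key->alg` indexes past the table first. Suggest bounds-checking `key->alg` before the lookup, or doing the lookup only inside the supported cases. In the RS256/RS384/RS512 branch, the result of `decode_base64url()` is also stored straight into the `size_t sigbin_len` and handed to `rsa_verify()` unchecked; if that helper can return a negative error, it should be caught there (freeing `sigbin`) and turned into -EILSEQ rather than passed on as a length.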

Dropped this superfluous line while applying.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |




* Re: [PATCH 3/3] test: self: add JSON Web Token tests
From: Sascha Hauer @ 2023-11-02  7:20 UTC
  To: Ahmad Fatoum; +Cc: barebox

Hi Ahmad,

On Mon, Oct 23, 2023 at 04:31:23PM +0200, Ahmad Fatoum wrote:
> diff --git a/test/self/Makefile b/test/self/Makefile
> index 8168abf26278..24e78a186513 100644
> --- a/test/self/Makefile
> +++ b/test/self/Makefile
> @@ -9,6 +9,7 @@ obj-$(CONFIG_SELFTEST_OF_MANIPULATION) += of_manipulation.o of_manipulation.dtb.
>  obj-$(CONFIG_SELFTEST_ENVIRONMENT_VARIABLES) += envvar.o
>  obj-$(CONFIG_SELFTEST_FS_RAMFS) += ramfs.o
>  obj-$(CONFIG_SELFTEST_JSON) += json.o
> +obj-$(CONFIG_SELFTEST_JWT) += jwt.o jwt_test.pem.o
>  obj-$(CONFIG_SELFTEST_DIGEST) += digest.o
>  obj-$(CONFIG_SELFTEST_MMU) += mmu.o
>  obj-$(CONFIG_SELFTEST_STRING) += string.o
> @@ -16,5 +17,13 @@ obj-$(CONFIG_SELFTEST_SETJMP) += setjmp.o
>  obj-$(CONFIG_SELFTEST_REGULATOR) += regulator.o test_regulator.dtbo.o
>  obj-$(CONFIG_SELFTEST_TEST_COMMAND) += test_command.o
>  
> -clean-files := *.dtb *.dtb.S .*.dtc .*.pre .*.dts *.dtb.z
> +ifdef REGENERATE_RSATOC
> +
> +$(obj)/jwt_test.pem.c_shipped: $(src)/jwt_test.pem FORCE
> +	$(call if_changed,rsa_keys,$(basename $(target-stem)):$<,-s)
> +
> +endif
> +
> +clean-files := *.dtb *.dtb.S .*.dtc .*.pre .*.dts *.dtb.z *
                                                            ^^^
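
Review bot: the `ifdef REGENERATE_RSATOC` block in the second hunk carries no comment saying when the variable should be set, and without it `jwt_test.pem.c_shipped` is never rebuilt from `jwt_test.pem`, so replacing the key alone leaves the selftest linked against the old shipped C file. Suggest a one-line comment above the `ifdef`, or a sentence in the commit message, stating how the shipped file is regenerated.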

This additional '*' removes parts of the source tree when doing a make
clean. Was there any intention with this or is this just an accident?

Sascha





* Re: [PATCH 3/3] test: self: add JSON Web Token tests
From: Ahmad Fatoum @ 2023-11-02  8:07 UTC
  To: Sascha Hauer; +Cc: barebox

On 02.11.23 08:20, Sascha Hauer wrote:
> Hi Ahmad,
> 
> On Mon, Oct 23, 2023 at 04:31:23PM +0200, Ahmad Fatoum wrote:
>> diff --git a/test/self/Makefile b/test/self/Makefile
>> index 8168abf26278..24e78a186513 100644
>> --- a/test/self/Makefile
>> +++ b/test/self/Makefile
>> @@ -9,6 +9,7 @@ obj-$(CONFIG_SELFTEST_OF_MANIPULATION) += of_manipulation.o of_manipulation.dtb.
>>  obj-$(CONFIG_SELFTEST_ENVIRONMENT_VARIABLES) += envvar.o
>>  obj-$(CONFIG_SELFTEST_FS_RAMFS) += ramfs.o
>>  obj-$(CONFIG_SELFTEST_JSON) += json.o
>> +obj-$(CONFIG_SELFTEST_JWT) += jwt.o jwt_test.pem.o
>>  obj-$(CONFIG_SELFTEST_DIGEST) += digest.o
>>  obj-$(CONFIG_SELFTEST_MMU) += mmu.o
>>  obj-$(CONFIG_SELFTEST_STRING) += string.o
>> @@ -16,5 +17,13 @@ obj-$(CONFIG_SELFTEST_SETJMP) += setjmp.o
>>  obj-$(CONFIG_SELFTEST_REGULATOR) += regulator.o test_regulator.dtbo.o
>>  obj-$(CONFIG_SELFTEST_TEST_COMMAND) += test_command.o
>>  
>> -clean-files := *.dtb *.dtb.S .*.dtc .*.pre .*.dts *.dtb.z
>> +ifdef REGENERATE_RSATOC
>> +
>> +$(obj)/jwt_test.pem.c_shipped: $(src)/jwt_test.pem FORCE
>> +	$(call if_changed,rsa_keys,$(basename $(target-stem)):$<,-s)
>> +
>> +endif
>> +
>> +clean-files := *.dtb *.dtb.S .*.dtc .*.pre .*.dts *.dtb.z *
>                                                             ^^^
> 
> This additional '*' removes parts of the source tree when doing a make
> clean. Was there any intention with this or is this just an accident?

Please revert the line, I think this used to remove an intermediary artifact
that's no longer relevant.

Thanks,
Ahmad

> 
> Sascha
> 
