From: Sascha Hauer <sha@pengutronix.de>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 0/3] crypto: add JSON Web Token (JWT) support
Date: Wed, 1 Nov 2023 10:10:24 +0100 [thread overview]
Message-ID: <20231101091024.GG3359458@pengutronix.de> (raw)
In-Reply-To: <20231023143122.1760217-1-a.fatoum@pengutronix.de>
On Mon, Oct 23, 2023 at 04:31:20PM +0200, Ahmad Fatoum wrote:
> JSON Web Token is a proposed Internet standard for creating tokens with
> optional signature and/or optional encryption whose payload holds JSON that
> asserts some number of claims. The tokens are signed either using a private
> secret or a public/private key.
>
> In the context of barebox, a JSON Web Token can be used as unlock token
> for a system: By default, the system would be locked and only boot
> signed payloads, but when a valid unlock token is provided, board code
> can selectively allow access to disallowed features, such as booting
> unsigned payloads or provide access to the console and shell.
>
> This series adds first support for JSON Web Tokens on top of the already
> existing JSON support. RS256 is the only currently supported format, but
> more may be added in future. In lieu of upstreaming board code making
> use of this, a selftest is added that decodes a JSON Web token after
> verifying it and asserts that the claim contained inside are as expected.
>
> Ahmad Fatoum (3):
> lib: base64: add support for base64url
> crypto: add JSON Web Token (JWT) support
> test: self: add JSON Web Token tests
>
> crypto/Kconfig | 6 +
> crypto/Makefile | 2 +
> crypto/jwt.c | 241 +++++++++++++++++++++++++++++++
> include/base64.h | 1 +
> include/crypto/jwt.h | 55 +++++++
> lib/base64.c | 60 +++++++-
> test/self/Kconfig | 7 +
> test/self/Makefile | 11 +-
> test/self/jwt.c | 157 ++++++++++++++++++++
> test/self/jwt_test.pem | 37 +++++
> test/self/jwt_test.pem.c_shipped | 49 +++++++
> 11 files changed, 620 insertions(+), 6 deletions(-)
> create mode 100644 crypto/jwt.c
> create mode 100644 include/crypto/jwt.h
> create mode 100644 test/self/jwt.c
> create mode 100644 test/self/jwt_test.pem
> create mode 100644 test/self/jwt_test.pem.c_shipped
Applied, thanks
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
prev parent reply other threads:[~2023-11-01 9:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-23 14:31 Ahmad Fatoum
2023-10-23 14:31 ` [PATCH 1/3] lib: base64: add support for base64url Ahmad Fatoum
2023-10-23 14:31 ` [PATCH 2/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
2023-11-01 9:13 ` Sascha Hauer
2023-10-23 14:31 ` [PATCH 3/3] test: self: add JSON Web Token tests Ahmad Fatoum
2023-11-02 7:20 ` Sascha Hauer
2023-11-02 8:07 ` Ahmad Fatoum
2023-11-01 9:10 ` Sascha Hauer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231101091024.GG3359458@pengutronix.de \
--to=sha@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox