JSON Web Token is a proposed Internet standard for creating tokens with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.

In the context of barebox, a JSON Web Token can be used as an unlock token for a system: By default, the system would be locked and only boot signed payloads, but when a valid unlock token is provided, board code can selectively allow access to disallowed features, such as booting unsigned payloads or providing access to the console and shell.

This series adds first support for JSON Web Tokens on top of the already existing JSON support. RS256 is the only currently supported format, but more may be added in future.

In lieu of upstreaming board code making use of this, a selftest is added that decodes a JSON Web Token after verifying it and asserts that the claims contained inside are as expected.

Ahmad Fatoum (3):
  lib: base64: add support for base64url
  crypto: add JSON Web Token (JWT) support
  test: self: add JSON Web Token tests

 crypto/Kconfig                   |   6 +
 crypto/Makefile                  |   2 +
 crypto/jwt.c                     | 241 +++++++++++++++++++++++++++++++
 include/base64.h                 |   1 +
 include/crypto/jwt.h             |  55 +++++++
 lib/base64.c                     |  60 +++++++-
 test/self/Kconfig                |   7 +
 test/self/Makefile               |  11 +-
 test/self/jwt.c                  | 157 ++++++++++++++++++++
 test/self/jwt_test.pem           |  37 +++++
 test/self/jwt_test.pem.c_shipped |  49 +++++++
 11 files changed, 620 insertions(+), 6 deletions(-)
 create mode 100644 crypto/jwt.c
 create mode 100644 include/crypto/jwt.h
 create mode 100644 test/self/jwt.c
 create mode 100644 test/self/jwt_test.pem
 create mode 100644 test/self/jwt_test.pem.c_shipped

-- 
2.39.2
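
Added example, not part of the posting above and not barebox code: a stand-alone C sketch of the structural checks an RS256 token has to pass before its signature is verified, namely strict unpadded base64url decoding and a split into exactly three non-empty segments. The names jwt_split, b64url_decode and jwt_sample are hypothetical, and the sample token (payload {"unlock":true}, placeholder signature) is constructed.

```c
#include <string.h>

/* Constructed sample; "c2ln" is a placeholder, not a real RS256 signature. */
const char jwt_sample[] = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmxvY2siOnRydWV9.c2ln";

/* base64url alphabet (RFC 4648 section 5): '-' and '_' replace '+' and '/'. */
static int b64url_val(char c)
{
	if (c >= 'A' && c <= 'Z') return c - 'A';
	if (c >= 'a' && c <= 'z') return c - 'a' + 26;
	if (c >= '0' && c <= '9') return c - '0' + 52;
	return c == '-' ? 62 : c == '_' ? 63 : -1;
}

/* Decode unpadded base64url; out == NULL only validates. Length or -1. */
static int b64url_decode(const char *in, size_t len, unsigned char *out, size_t outsz)
{
	unsigned int acc = 0, bits = 0, n = 0;

	for (size_t i = 0; i < len; i++) {
		int v = b64url_val(in[i]);
		if (v < 0)
			return -1;	/* also rejects '=', '+' and '/' */
		acc = ((acc << 6) | (unsigned int)v) & 0xffff;
		if ((bits += 6) < 8)
			continue;
		bits -= 8;
		if (out && n >= outsz)
			return -1;	/* output buffer too small */
		if (out) out[n] = (acc >> bits) & 0xff;
		n++;
	}
	/* reject impossible lengths and non-zero leftover bits */
	return (len % 4 == 1 || (acc & ((1u << bits) - 1))) ? -1 : (int)n;
}

/* Hypothetical helper: header length and *signed_len, or -1 if malformed. */
int jwt_split(const char *tok, char *hdr, size_t hdrsz, size_t *signed_len)
{
	const char *d1 = strchr(tok, '.');
	const char *d2 = d1 ? strchr(d1 + 1, '.') : NULL;

	if (!d2 || strchr(d2 + 1, '.') || hdrsz == 0 ||
	    b64url_decode(d1 + 1, d2 - d1 - 1, NULL, 0) <= 0 ||
	    b64url_decode(d2 + 1, strlen(d2 + 1), NULL, 0) <= 0)
		return -1;	/* need three non-empty, well-formed segments */
	int n = b64url_decode(tok, d1 - tok, (unsigned char *)hdr, hdrsz - 1);
	if (n <= 0)
		return -1;
	hdr[n] = '\0';
	*signed_len = d2 - tok;	/* signature covers ASCII "header.payload" */
	return n;
}
```

The caller still has to parse the decoded header as JSON, require "alg" to be RS256, and verify the RSA signature over the first signed_len bytes of the token before trusting any claim in the payload.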