/*
* Copyright (C) 2024 BayLibre SAS
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <zephyr/types.h>
#include <errno.h>
#include <zephyr/data/jwt.h>
#include <zephyr/data/json.h>
#include <mbedtls/pk.h>
#include <mbedtls/rsa.h>
#include <mbedtls/sha256.h>
#include <zephyr/random/random.h>
#include "jwt.h"
/*
 * Random-bytes callback in the shape mbedtls expects for its f_rng
 * parameter. Fills @dest with @size bytes from the Zephyr CSPRNG and
 * hands sys_csrand_get()'s return value straight back, so mbedtls sees a
 * non-zero value whenever the system RNG reports a failure. The opaque
 * @ctx slot is accepted only to satisfy the callback signature.
 */
static int csprng_wrapper(void *ctx, unsigned char *dest, size_t size)
{
	ARG_UNUSED(ctx);

	/* unsigned char * converts to void * implicitly; no cast needed. */
	return sys_csrand_get(dest, size);
}
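/**
 * Sign the bytes the JWT builder has accumulated so far with a DER-encoded
 * private key, using mbedtls.
 *
 * @param builder     Builder whose [base, buf) range is the signing input
 *                    (the length passed to mbedtls_sha256() is buf - base).
 * @param der_key     DER-encoded private key accepted by mbedtls_pk_parse_key().
 * @param der_key_len Length of @p der_key in bytes.
 * @param sig         Output buffer that receives the signature.
 * @param sig_size    Capacity of @p sig in bytes; passed to mbedtls_pk_sign()
 *                    so it can refuse rather than overrun the buffer.
 *
 * @return 0 on success, otherwise the mbedtls error code of the first step
 *         that failed (key parse, hash, or sign).
 *
 * NOTE(review): the signature length mbedtls_pk_sign() produces is not
 * surfaced through this interface; callers presumably rely on a fixed
 * signature size for the key type in use — verify against the caller.
 */
int jwt_sign_impl(struct jwt_builder *builder, const unsigned char *der_key, size_t der_key_len,
		  unsigned char *sig, size_t sig_size)
{
	int res;
	mbedtls_pk_context ctx;
	size_t sig_len_out;
	uint8_t hash[32];

	mbedtls_pk_init(&ctx);

	res = mbedtls_pk_parse_key(&ctx, der_key, der_key_len, NULL, 0, csprng_wrapper, NULL);
	if (res != 0) {
		goto out;
	}

	/*
	 * The trailing '0' tells mbedtls to compute SHA-256 rather than
	 * SHA-224.
	 */
	res = mbedtls_sha256(builder->base, builder->buf - builder->base, hash, 0);
	if (res != 0) {
		goto out;
	}

	res = mbedtls_pk_sign(&ctx, MBEDTLS_MD_SHA256, hash, sizeof(hash), sig, sig_size,
			      &sig_len_out, csprng_wrapper, NULL);

out:
	/*
	 * Release the parsed key on every path. mbedtls_pk_parse_key()
	 * allocates the private-key material inside ctx, and mbedtls_pk_free()
	 * is what frees and wipes it; without this the key was leaked (and the
	 * secret left resident in memory) on both the success and error paths.
	 */
	mbedtls_pk_free(&ctx);
	return res;
}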