/* * Copyright (C) 2024 BayLibre SAS * * SPDX-License-Identifier: Apache-2.0 */ #include #include #include #include #include #include #include "jwt.h" int jwt_sign_impl(struct jwt_builder *builder, const unsigned char *der_key, size_t der_key_len, unsigned char *sig, size_t sig_size) { psa_status_t status; psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_id_t key_id; size_t sig_len_out; psa_algorithm_t alg; int ret; #if defined(CONFIG_JWT_SIGN_ECDSA_PSA) psa_set_key_type(&attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); psa_set_key_algorithm(&attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); #else psa_set_key_type(&attr, PSA_KEY_TYPE_RSA_KEY_PAIR); psa_set_key_algorithm(&attr, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)); alg = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256); #endif psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_SIGN_MESSAGE); status = psa_import_key(&attr, der_key, der_key_len, &key_id); if (status != PSA_SUCCESS) { return -EINVAL; } status = psa_sign_message(key_id, alg, builder->base, builder->buf - builder->base, sig, sig_size, &sig_len_out); ret = (status == PSA_SUCCESS) ? 0 : -EINVAL; psa_destroy_key(key_id); return ret; }