# Copyright (c) 2018 Linaro
# Copyright (c) 2024 BayLibre SAS
# SPDX-License-Identifier: Apache-2.0

menuconfig JWT
	bool "JSON Web Token generation"
	select JSON_LIBRARY
	help
	  Enable creation of JWT tokens

if JWT

choice
	prompt "JWT signature algorithm"
	default JWT_SIGN_RSA_PSA
	help
	  Select which algorithm to use for signing JWT tokens.

config JWT_SIGN_RSA_LEGACY
	bool "Use RSA signature (RS-256). Use Mbed TLS as crypto library."
	depends on CSPRNG_ENABLED
	select MBEDTLS
	select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

config JWT_SIGN_RSA_PSA
	bool "Use RSA signature (RS-256). Use PSA Crypto API."
	select MBEDTLS if !BUILD_WITH_TFM
	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
	select PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
	select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
	select PSA_WANT_ALG_RSA_PKCS1V15_SIGN
	select PSA_WANT_ALG_SHA_256

config JWT_SIGN_ECDSA_PSA
	bool "Use ECDSA signature (ES-256). Use PSA Crypto API."
	select MBEDTLS if !BUILD_WITH_TFM
	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
	select PSA_WANT_ALG_ECDSA
	select PSA_WANT_ECC_SECP_R1_256
	select PSA_WANT_ALG_SHA_256

endchoice

endif # JWT