Line data Source code
1 0 : /*
2 : * Copyright (c) 2018 Linaro Ltd
3 : *
4 : * SPDX-License-Identifier: Apache-2.0
5 : */
6 :
7 : #ifndef ZEPHYR_INCLUDE_DATA_JWT_H_
8 : #define ZEPHYR_INCLUDE_DATA_JWT_H_
9 :
10 : #include <zephyr/types.h>
11 : #include <stdbool.h>
12 :
13 : #ifdef __cplusplus
14 : extern "C" {
15 : #endif
16 :
17 : /**
18 : * @brief JSON Web Token (JWT) - RFC 7519
19 : * @defgroup jwt JSON Web Token (JWT)
20 : * @ingroup json
21 : * @{
22 : */
23 :
24 : /**
25 : * @brief JWT data tracking.
26 : *
27 : * JSON Web Tokens contain several sections, each encoded in Base64URL.
28 : * This structure tracks the token as it is being built, including
29 : * limits on the amount of available space. It should be initialized
30 : * with jwt_init_builder(). A signed JWT is typically used as a bearer credential, so the buffer it is written to should be handled as sensitive data.
31 : */
32 1 : struct jwt_builder {
33 : /** The base of the buffer we are writing to. */
34 1 : char *base;
35 :
36 : /** The place in this buffer where we are currently writing.
37 : */
38 1 : char *buf;
39 :
40 : /** The remaining free space in @p buf. */
41 1 : size_t len;
42 :
43 : /**
44 : * Flag that is set if we try to write past the end of the
45 : * buffer. If set, the token is not valid. Check it before using the buffer as a token; this header does not say whether every builder call also reports the overflow through its return value.
46 : */
47 1 : bool overflowed;
48 :
49 : /* Pending bytes yet to be converted to base64. Base64 consumes input three bytes at a time, which matches the size of this array. */
50 0 : unsigned char wip[3];
51 :
52 : /* Number of pending bytes. Presumably the count of valid entries in wip; confirm against the implementation. */
53 0 : int pending;
54 : };
55 :
56 : /**
57 : * @brief Initialize the JWT builder.
58 : *
59 : * Initialize the given JWT builder for the creation of a fresh token.
60 : * The buffer should be large enough to store the entire token. struct jwt_builder keeps pointers into it, so it presumably has to stay valid for as long as the builder is in use.
61 : *
62 : * @param builder The builder to initialize.
63 : * @param buffer The buffer to write the token to.
64 : * @param buffer_size The size of this buffer. The token will be NUL
65 : * terminated, which needs to be allowed for in this size.
66 : *
67 : * @retval 0 Success.
68 : * @retval -ENOSPC Buffer is insufficient to initialize.
69 : */
70 1 : int jwt_init_builder(struct jwt_builder *builder,
71 : char *buffer,
72 : size_t buffer_size);
73 :
74 : /**
75 : * @brief Add JWT payload.
76 : *
77 : * Add JWT payload to a previously initialized builder with the following fields:
78 : * - Expiration Time
79 : * - Issued At
80 : * - Audience
81 : *
82 : * See RFC 7519 section 4.1 to get more information about these fields.
83 : *
84 : * @param builder A previously initialized builder.
85 : * @param exp Expiration Time (epoch format). If this is seconds since the Unix epoch, as an RFC 7519 NumericDate is, an int32_t cannot represent times after 2038-01-19T03:14:07Z.
86 : * @param iat Issued At (epoch format). The same int32_t limit applies.
87 : * @param aud Audience. This header does not say whether the string is JSON-escaped before it is embedded; confirm that before passing a value the application does not fully control.
88 : *
89 : * @retval 0 Success.
90 : * @retval <0 Failure.
91 : */
92 1 : int jwt_add_payload(struct jwt_builder *builder,
93 : int32_t exp,
94 : int32_t iat,
95 : const char *aud);
96 :
97 : /**
98 : * @brief Sign the JWT.
99 : *
100 : * Sign a JWT whose builder has already been initialized and given a payload. The prototype takes no algorithm argument, so the signature algorithm is not chosen through this call.
101 : *
102 : * @param builder A previously initialized builder with payload.
103 : * @param der_key Private key to use in DER format. This is secret key material; the header does not say whether the implementation copies it or clears any copy, so confirm that where it matters.
104 : * @param der_key_len Size of the private key in bytes.
105 : *
106 : * @retval 0 Success.
107 : * @retval <0 Failure. Do not use the buffer contents as a token in this case.
108 : */
109 1 : int jwt_sign(struct jwt_builder *builder,
110 : const char *der_key,
111 : size_t der_key_len);
112 :
113 : #ifdef __cplusplus
114 : }
115 : #endif
116 :
117 : /**
118 : * @}
119 : */
120 :
121 : #endif /* ZEPHYR_INCLUDE_DATA_JWT_H_ */