zephyr/subsys/jwt/Kconfig

# Copyright (c) 2018 Linaro
# Copyright (c) 2024 BayLibre SAS
# SPDX-License-Identifier: Apache-2.0

menuconfig JWT
	bool "JSON Web Token generation"
	select JSON_LIBRARY
	help
	  Enable creation of JWT tokens

if JWT

choice
	prompt "JWT signature algorithm"
	default JWT_SIGN_RSA_PSA
	help
	  Select which algorithm to use for signing JWT tokens.

config JWT_SIGN_RSA_LEGACY
	bool "Use RSA signature (RS-256). Use Mbed TLS as crypto library."
	depends on CSPRNG_AVAILABLE
	select MBEDTLS
	select MBEDTLS_MD
	select MBEDTLS_RSA_C
	select MBEDTLS_PKCS1_V15
	select MBEDTLS_PKCS1_V21
	select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

config JWT_SIGN_RSA_PSA
	bool "Use RSA signature (RS-256). Use PSA Crypto API."
	select MBEDTLS if !BUILD_WITH_TFM
	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
	select PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
	select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
	select PSA_WANT_ALG_RSA_PKCS1V15_SIGN
	select PSA_WANT_ALG_SHA_256

config JWT_SIGN_ECDSA_PSA
	bool "Use ECDSA signature (ES-256). Use PSA Crypto API."
	select MBEDTLS if !BUILD_WITH_TFM
	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
	select PSA_WANT_ALG_ECDSA
	select PSA_WANT_ECC_SECP_R1_256
	select PSA_WANT_ALG_SHA_256

endchoice

endif # JWT
jwt: Add JSON web token library This patch adds a JSON web token library that adds the capability to sign JSON tokens. This was located in subsys due to the dependency on MBEDTLS, which resides in /ext. Signed-off-by: David Brown <david.brown@linaro.org> Signed-off-by: Andy Gross <andy.gross@linaro.org> 2018-09-20 12:15:20 -07:00			`# Copyright (c) 2018 Linaro`
jwt: reshape and add alternative for ECDSA using PSA This commit: - creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the implementations of the corresponding ECDSA/RSA signature algorithms; - RSA signature is stil done through Mbed TLS's PK module which can optionally make use of PSA (if enabled); - ECDSA signature will instead use PSA, if possible, or TinyCrypt as fallback. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-09-10 16:42:50 +02:00			`# Copyright (c) 2024 BayLibre SAS`
jwt: Add JSON web token library This patch adds a JSON web token library that adds the capability to sign JSON tokens. This was located in subsys due to the dependency on MBEDTLS, which resides in /ext. Signed-off-by: David Brown <david.brown@linaro.org> Signed-off-by: Andy Gross <andy.gross@linaro.org> 2018-09-20 12:15:20 -07:00			`# SPDX-License-Identifier: Apache-2.0`
kconfig: Clean up header comments and make them consistent Use this short header style in all Kconfig files: # <description> # <copyright> # <license> ... Also change all <description>s from # Kconfig[.extension] - Foo-related options to just # Foo-related options It's clear enough that it's about Kconfig. The <description> cleanup was done with this command, along with some manual cleanup (big letter at the start, etc.) git ls-files 'Kconfig' \| \ xargs sed -i -E '1 s/#\sKconfig[\w.-]\s-\s/# /' Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> 2019-11-01 13:45:29 +01:00
jwt: Add JSON web token library This patch adds a JSON web token library that adds the capability to sign JSON tokens. This was located in subsys due to the dependency on MBEDTLS, which resides in /ext. Signed-off-by: David Brown <david.brown@linaro.org> Signed-off-by: Andy Gross <andy.gross@linaro.org> 2018-09-20 12:15:20 -07:00			`menuconfig JWT`
Kconfig: cleanup subsystems Sort entries alphabetically and cleanup top level menu for each subsystem. Move stats subsystem Kconfig from debug into its own Kconfig. Signed-off-by: Anas Nashif <anas.nashif@intel.com> 2020-08-22 13:07:14 -04:00			`bool "JSON Web Token generation"`
jwt: Add JSON web token library This patch adds a JSON web token library that adds the capability to sign JSON tokens. This was located in subsys due to the dependency on MBEDTLS, which resides in /ext. Signed-off-by: David Brown <david.brown@linaro.org> Signed-off-by: Andy Gross <andy.gross@linaro.org> 2018-09-20 12:15:20 -07:00			`select JSON_LIBRARY`
			`help`
			`Enable creation of JWT tokens`

jwt: reshape and add alternative for ECDSA using PSA This commit: - creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the implementations of the corresponding ECDSA/RSA signature algorithms; - RSA signature is stil done through Mbed TLS's PK module which can optionally make use of PSA (if enabled); - ECDSA signature will instead use PSA, if possible, or TinyCrypt as fallback. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-09-10 16:42:50 +02:00			`if JWT`

jwt: Add JSON web token library This patch adds a JSON web token library that adds the capability to sign JSON tokens. This was located in subsys due to the dependency on MBEDTLS, which resides in /ext. Signed-off-by: David Brown <david.brown@linaro.org> Signed-off-by: Andy Gross <andy.gross@linaro.org> 2018-09-20 12:15:20 -07:00			`choice`
			`prompt "JWT signature algorithm"`
jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`default JWT_SIGN_RSA_PSA`
jwt: Add JSON web token library This patch adds a JSON web token library that adds the capability to sign JSON tokens. This was located in subsys due to the dependency on MBEDTLS, which resides in /ext. Signed-off-by: David Brown <david.brown@linaro.org> Signed-off-by: Andy Gross <andy.gross@linaro.org> 2018-09-20 12:15:20 -07:00			`help`
			`Select which algorithm to use for signing JWT tokens.`

jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`config JWT_SIGN_RSA_LEGACY`
			`bool "Use RSA signature (RS-256). Use Mbed TLS as crypto library."`
mbedtls: select ENTROPY_GENERATOR when a driver is available This is based on the introduction of a helper Kconfig symbol in "subsys/random/Kconfig" which is named CSPRNG_AVAILABLE. When this is enabled it means that there is a "zephyr,entropy" property defined in the device-tree, therefore Mbed TLS can select ENTROPY_GENERATOR to allow the platform specific driver to be included into the build. This commit also changes other locations where CSPRNG_ENABLED was used moving it to CSPRNG_AVAILABLE in order to solve dependency loop build failures. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-12-11 14:48:38 +01:00			`depends on CSPRNG_AVAILABLE`
jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`select MBEDTLS`
modules: mbedtls: make key exchange Kconfigs depend on, not select Turn the MBEDTLS_RSA_FULL selects into depends on. This is how the other MBEDTLS_KEY_EXCHANGE_* Kconfig options are defined. This is done to avoid circular dependencies. At the same time update uses of the affected MBEDTLS_KEY_EXCHANGE_* Kconfig options to enable/disable the dependencies which used to be automatically handled. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> 2025-05-02 10:11:26 +03:00			`select MBEDTLS_MD`
			`select MBEDTLS_RSA_C`
			`select MBEDTLS_PKCS1_V15`
			`select MBEDTLS_PKCS1_V21`
jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED`
jwt: reshape and add alternative for ECDSA using PSA This commit: - creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the implementations of the corresponding ECDSA/RSA signature algorithms; - RSA signature is stil done through Mbed TLS's PK module which can optionally make use of PSA (if enabled); - ECDSA signature will instead use PSA, if possible, or TinyCrypt as fallback. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-09-10 16:42:50 +02:00
jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`config JWT_SIGN_RSA_PSA`
			`bool "Use RSA signature (RS-256). Use PSA Crypto API."`
jwt: reshape and add alternative for ECDSA using PSA This commit: - creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the implementations of the corresponding ECDSA/RSA signature algorithms; - RSA signature is stil done through Mbed TLS's PK module which can optionally make use of PSA (if enabled); - ECDSA signature will instead use PSA, if possible, or TinyCrypt as fallback. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-09-10 16:42:50 +02:00			`select MBEDTLS if !BUILD_WITH_TFM`
			`select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM`
jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`select PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY`
			`select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT`
			`select PSA_WANT_ALG_RSA_PKCS1V15_SIGN`
			`select PSA_WANT_ALG_SHA_256`
jwt: reshape and add alternative for ECDSA using PSA This commit: - creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the implementations of the corresponding ECDSA/RSA signature algorithms; - RSA signature is stil done through Mbed TLS's PK module which can optionally make use of PSA (if enabled); - ECDSA signature will instead use PSA, if possible, or TinyCrypt as fallback. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-09-10 16:42:50 +02:00
			`config JWT_SIGN_ECDSA_PSA`
jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`bool "Use ECDSA signature (ES-256). Use PSA Crypto API."`
			`select MBEDTLS if !BUILD_WITH_TFM`
			`select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM`
jwt: reshape and add alternative for ECDSA using PSA This commit: - creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the implementations of the corresponding ECDSA/RSA signature algorithms; - RSA signature is stil done through Mbed TLS's PK module which can optionally make use of PSA (if enabled); - ECDSA signature will instead use PSA, if possible, or TinyCrypt as fallback. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-09-10 16:42:50 +02:00			`select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT`
			`select PSA_WANT_ALG_ECDSA`
			`select PSA_WANT_ECC_SECP_R1_256`
			`select PSA_WANT_ALG_SHA_256`

jwt: remove TinyCrypt usage As part of TinyCrypt deprecation process (#79566) this commit removes usage of this library from the JWT subsystem and its related tests. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-10-10 15:45:08 +02:00			`endchoice`
jwt: reshape and add alternative for ECDSA using PSA This commit: - creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the implementations of the corresponding ECDSA/RSA signature algorithms; - RSA signature is stil done through Mbed TLS's PK module which can optionally make use of PSA (if enabled); - ECDSA signature will instead use PSA, if possible, or TinyCrypt as fallback. Signed-off-by: Valerio Setti <vsetti@baylibre.com> 2024-09-10 16:42:50 +02:00
			`endif # JWT`