Add l8w8jwt component

Author: laukik-hase

.build-test-rules.yml

@@ -42,3 +42,8 @@ catch2/examples/catch2-console:
   disable:
     - if: IDF_VERSION_MAJOR < 5
       reason: Example relies on WHOLE_ARCHIVE component property which was introduced in IDF v5.0
+
+l8w8jwt/examples/es256:
+  enable:
+    - if: IDF_VERSION_MAJOR > 4
+      reason: Supported only on IDF versions with Mbed TLS v3.x

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -36,6 +36,7 @@ body:
         - jsmn
         - json_generator
         - json_parser
+        - l8w8jwt
         - led_strip
         - libsodium
         - nghttp

.github/workflows/upload_component.yml

@@ -51,6 +51,7 @@ jobs:
             json_generator;
             json_parser;
             led_strip;
+            l8w8jwt;
             libsodium;
             nghttp;
             onewire_bus;

.gitmodules

@@ -57,3 +57,6 @@
 [submodule "catch2/Catch2"]
 	path = catch2/Catch2
 	url = https://github.com/catchorg/Catch2.git
+[submodule "l8w8jwt/l8w8jwt"]
+	path = l8w8jwt/l8w8jwt
+	url = https://github.com/GlitchedPolygons/l8w8jwt.git

l8w8jwt/CMakeLists.txt

@@ -0,0 +1,15 @@
+idf_component_register(SRCS "l8w8jwt/src/base64.c"
+        "l8w8jwt/src/claim.c"
+        "l8w8jwt/src/decode.c"
+        "l8w8jwt/src/encode.c"
+        "l8w8jwt/src/util.c"
+        "l8w8jwt/src/version.c"
+    INCLUDE_DIRS "l8w8jwt/include"
+    PRIV_INCLUDE_DIRS "port/private_include"
+    PRIV_REQUIRES "mbedtls"
+)
+
+set_source_files_properties("l8w8jwt/src/encode.c" "l8w8jwt/src/decode.c"
+                            PROPERTIES COMPILE_FLAGS "-Wno-maybe-uninitialized")
+
+target_compile_options(${COMPONENT_LIB} PRIVATE "-DL8W8JWT_SMALL_STACK=1" "-DL8W8JWT_ENABLE_EDDSA=0")

l8w8jwt/LICENSE

@@ -0,0 +1 @@
+l8w8jwt/LICENSE

l8w8jwt/README.md

@@ -0,0 +1 @@
+l8w8jwt/README.md

l8w8jwt/examples/es256/CMakeLists.txt

@@ -0,0 +1,6 @@
+# The following lines of boilerplate have to be in your project's
+# CMakeLists in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.16)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(es256)

l8w8jwt/examples/es256/main/CMakeLists.txt

@@ -0,0 +1,2 @@
+idf_component_register(SRCS "main.c"
+                    INCLUDE_DIRS "")

l8w8jwt/examples/es256/main/idf_component.yml

@@ -0,0 +1,8 @@
+## IDF Component Manager Manifest File
+version: "1.0.0"
+description: l8w8jwt Example
+dependencies:
+  idf: ">=5.0"
+  espressif/l8w8jwt:
+    version: '>=2.2.1'
+    override_path: '../../../'

l8w8jwt/examples/es256/main/main.c

@@ -0,0 +1,166 @@
+/*
+   Copyright 2020 Raphael Beck
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include "l8w8jwt/encode.h"
+#include "l8w8jwt/decode.h"
+
+/*
+ * This keypair was generated using the following command:
+ * openssl ecparam -name prime256v1 -genkey -noout -out private.pem && openssl ec -in private.pem -pubout -out public.pem
+ */
+
+static const char ECDSA_PRIVATE_KEY[] = "-----BEGIN EC PRIVATE KEY-----\n"
+                                        "MHcCAQEEILvM6E7mLOdndALDyFc3sOgUTb6iVjgwRBtBwYZngSuwoAoGCCqGSM49\n"
+                                        "AwEHoUQDQgAEMlFGAIxe+/zLanxz4bOxTI6daFBkNGyQ+P4bc/RmNEq1NpsogiMB\n"
+                                        "5eXC7jUcD/XqxP9HCIhdRBcQHx7aOo3ayQ==\n"
+                                        "-----END EC PRIVATE KEY-----";
+
+static const char ECDSA_PUBLIC_KEY[] = "-----BEGIN PUBLIC KEY-----\n"
+                                       "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMlFGAIxe+/zLanxz4bOxTI6daFBk\n"
+                                       "NGyQ+P4bc/RmNEq1NpsogiMB5eXC7jUcD/XqxP9HCIhdRBcQHx7aOo3ayQ==\n"
+                                       "-----END PUBLIC KEY-----";
+
+int example_jwt_decode(char *jwt)
+{
+    struct l8w8jwt_decoding_params params;
+    l8w8jwt_decoding_params_init(&params);
+
+    params.alg = L8W8JWT_ALG_ES256;
+
+    params.jwt = jwt;
+    params.jwt_length = strlen(jwt);
+
+    params.verification_key = (unsigned char *)ECDSA_PUBLIC_KEY;
+    params.verification_key_length = strlen(ECDSA_PUBLIC_KEY);
+
+    params.validate_iss = "Black Mesa";
+    params.validate_iss_length = strlen(params.validate_iss);
+
+    params.validate_sub = "Gordon Freeman";
+    params.validate_sub_length = strlen(params.validate_sub);
+
+    params.validate_exp = 1;
+    params.exp_tolerance_seconds = 60;
+
+    params.validate_iat = 1;
+    params.iat_tolerance_seconds = 60;
+
+    enum l8w8jwt_validation_result validation_result;
+    int r = l8w8jwt_decode(&params, &validation_result, NULL, NULL);
+
+    printf("\nl8w8jwt_decode_es256 function returned %s (code %d).\n\nValidation result: \n%d\n", r == L8W8JWT_SUCCESS ? "successfully" : "", r, validation_result);
+    return r;
+}
+
+char *example_jwt_encode(void)
+{
+    char *jwt;
+    size_t jwt_length;
+
+    struct l8w8jwt_claim header_claims[] = {
+        {
+            .key = "kid",
+            .key_length = 3,
+            .value = "some-key-id-here-012345",
+            .value_length = strlen("some-key-id-here-012345"),
+            .type = L8W8JWT_CLAIM_TYPE_STRING
+        }
+    };
+
+    struct l8w8jwt_claim payload_claims[] = {
+        {
+            .key = "ctx",
+            .key_length = 3,
+            .value = "Unforseen Consequences",
+            .value_length = strlen("Unforseen Consequences"),
+            .type = L8W8JWT_CLAIM_TYPE_STRING
+        },
+        {
+            .key = "age",
+            .key_length = 3,
+            .value = "27",
+            .value_length = strlen("27"),
+            .type = L8W8JWT_CLAIM_TYPE_INTEGER
+        },
+        {
+            .key = "size",
+            .key_length = strlen("size"),
+            .value = "1.85",
+            .value_length = strlen("1.85"),
+            .type = L8W8JWT_CLAIM_TYPE_NUMBER
+        },
+        {
+            .key = "alive",
+            .key_length = strlen("alive"),
+            .value = "true",
+            .value_length = strlen("true"),
+            .type = L8W8JWT_CLAIM_TYPE_BOOLEAN
+        },
+        {
+            .key = "nulltest",
+            .key_length = strlen("nulltest"),
+            .value = "null",
+            .value_length = strlen("null"),
+            .type = L8W8JWT_CLAIM_TYPE_NULL
+        }
+    };
+
+    struct l8w8jwt_encoding_params params;
+    l8w8jwt_encoding_params_init(&params);
+
+    params.alg = L8W8JWT_ALG_ES256;
+
+    params.sub = "Gordon Freeman";
+    params.sub_length = strlen("Gordon Freeman");
+
+    params.iss = "Black Mesa";
+    params.iss_length = strlen("Black Mesa");
+
+    params.aud = "Administrator";
+    params.aud_length = strlen("Administrator");
+
+    params.iat = time(NULL);
+    params.exp = time(NULL) + 600; // Set to expire after 10 minutes (600 seconds).
+
+    params.additional_header_claims = header_claims;
+    params.additional_header_claims_count = sizeof(header_claims) / sizeof(struct l8w8jwt_claim);
+
+    params.additional_payload_claims = payload_claims;
+    params.additional_payload_claims_count = sizeof(payload_claims) / sizeof(struct l8w8jwt_claim);
+
+    params.secret_key = (unsigned char *)ECDSA_PRIVATE_KEY;
+    params.secret_key_length = strlen(ECDSA_PRIVATE_KEY);
+
+    params.out = &jwt;
+    params.out_length = &jwt_length;
+
+    int r = l8w8jwt_encode(&params);
+    printf("\nl8w8jwt_encode_es256 function returned %s (code %d).\n\nCreated token: \n%s\n", r == L8W8JWT_SUCCESS ? "successfully" : "", r, jwt);
+
+    return jwt;
+}
+
+void app_main(void)
+{
+    printf("=== JWT Example on ESP32 ===\n");
+    char *jwt = example_jwt_encode();
+    int ret = example_jwt_decode(jwt);
+    l8w8jwt_free(jwt); /* Never forget to free the jwt string! */
+    printf("JWT generation and decoding: %s\n", ret == L8W8JWT_SUCCESS ? "success" : "failed");
+    return;
+}

l8w8jwt/idf_component.yml

@@ -0,0 +1,7 @@
+version: "2.2.1"
+description: "Minimal, OpenSSL-less and super lightweight JWT library written in C"
+url: https://github.com/espressif/idf-extra-components/tree/master/l8w8jwt
+dependencies:
+  idf: ">=5.0"
+  espressif/jsmn:
+    version: "^1.1.0"