implement JWT parser

.gitmodules

@@ -6,3 +6,7 @@
 	path = third-party/BearSSL
 	url = https://github.com/bonifaido/BearSSL.git
 	branch = linux-kernel
+[submodule "third-party/fastjson"]
+	path = third-party/fastjson
+	url = https://github.com/bonifaido/json.c
+	branch = linux-kernel

.vscode/c_cpp_properties.json.template

@@ -23,8 +23,10 @@
                 "${linux-src}/arch/arm64/include/generated/",
                 "${linux-src}/arch/arm64/include/uapi/",
                 "${linux-src}/arch/arm64/include/generated/uapi/",
+                "third-party/",
                 "third-party/base64/",
                 "third-party/BearSSL/inc/",
+                "third-party/fastjson/",
                 "third-party/parson/",
                 "third-party/picohttpparser/",
                 "third-party/wasm3/source/"

Makefile

@@ -5,10 +5,10 @@ ccflags-y += -foptimize-sibling-calls \
 			 -DDEBUG=1 \
 			 -Dd_m3HasFloat=$(EMULATE_FLOATS) \
 			 -I$(PWD)/include \
+			 -I$(PWD)/third-party/ \
 			 -I$(PWD)/third-party/BearSSL/inc/ \
 			 -I$(PWD)/third-party/wasm3/source/ \
 			 -I$(PWD)/third-party/base64 \
-			 -I$(PWD)/third-party/parson \
 			 -I$(PWD)/third-party/picohttpparser \
 			 -Wall -g \
 			 #-Dd_m3LogCompile=1
@@ -64,6 +64,7 @@ camblet-objs :=  third-party/wasm3/source/m3_api_libc.o \
 			  third-party/wasm3/source/m3_module.o \
 			  third-party/wasm3/source/m3_parse.o \
 			  third-party/base64/base64.o \
+			  third-party/fastjson/json.o \
 			  third-party/parson/json.o \
 			  third-party/picohttpparser/picohttpparser.o \
 			  src/buffer.o \
@@ -85,7 +86,9 @@ camblet-objs :=  third-party/wasm3/source/m3_api_libc.o \
 			  src/sd.o \
 			  src/trace.o \
 			  src/http.o \
-			  src/spiffe.o
+			  src/spiffe.o \
+			  src/jwt.o \
+			  src/crypto.o
 
 # Set the path to the Kernel build utils.
 KBUILD=/lib/modules/$(shell uname -r)/build/

include/crypto.h

@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2024 Cisco and/or its affiliates. All rights reserved.
+ *
+ * SPDX-License-Identifier: MIT OR GPL-2.0-only
+ *
+ * Licensed under the MIT license <LICENSE.MIT or https://opensource.org/licenses/MIT> or the GPLv2 license
+ * <LICENSE.GPL or https://opensource.org/license/gpl-2-0>, at your option. This file may not be copied,
+ * modified, or distributed except according to those terms.
+ */
+
+#ifndef crypto_h
+#define crypto_h
+
+char *hmac_sha256(const char *data, unsigned data_len, const char *key, unsigned key_len);
+
+#endif

include/jwt.h

@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2024 Cisco and/or its affiliates. All rights reserved.
+ *
+ * SPDX-License-Identifier: MIT OR GPL-2.0-only
+ *
+ * Licensed under the MIT license <LICENSE.MIT or https://opensource.org/licenses/MIT> or the GPLv2 license
+ * <LICENSE.GPL or https://opensource.org/license/gpl-2-0>, at your option. This file may not be copied,
+ * modified, or distributed except according to those terms.
+ */
+
+#ifndef jwt_h
+#define jwt_h
+
+#include "jwt.h"
+
+typedef struct jwt
+{
+    char *alg;
+
+    char *iss;
+    char *sub;
+    char *aud;
+
+    u64 exp;
+    u64 nbf;
+    u64 iat;
+
+    // data is the base64url encoded JSON header.payload part of the JWT
+    const char *data;
+    unsigned data_len;
+
+    const char *signature;
+    unsigned signature_len;
+
+} jwt_t;
+
+jwt_t *jwt_parse(const char *jwt, const unsigned len);
+int jwt_verify(jwt_t *jwt, const char *secret, const unsigned secret_len);
+void jwt_free(jwt_t *jwt);
+
+#endif

include/socket.h

@@ -13,8 +13,6 @@
 
 #include <linux/inet.h>
 
-#include "json.h"
-
 int socket_init(void);
 void socket_exit(void);
 
@@ -37,6 +35,4 @@ typedef struct
     char *peer_spiffe_id;
 } tcp_connection_context;
 
-void add_net_conn_info_to_json(const tcp_connection_context *ctx, JSON_Object *json_object);
-
 #endif

src/commands.c

@@ -15,7 +15,7 @@
 #include <linux/ipv6.h>
 
 #include "commands.h"
-#include "json.h"
+#include "parson/json.h"
 #include "base64.h"
 #include "string.h"
 #include "socket.h"

src/crypto.c

@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2024 Cisco and/or its affiliates. All rights reserved.
+ *
+ * SPDX-License-Identifier: MIT OR GPL-2.0-only
+ *
+ * Licensed under the MIT license <LICENSE.MIT or https://opensource.org/licenses/MIT> or the GPLv2 license
+ * <LICENSE.GPL or https://opensource.org/license/gpl-2-0>, at your option. This file may not be copied,
+ * modified, or distributed except according to those terms.
+ */
+
+#include <crypto/hash.h>
+
+static struct shash_desc *init_sdesc(struct crypto_shash *alg)
+{
+    struct shash_desc *sdesc;
+    int size;
+
+    size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
+    sdesc = kmalloc(size, GFP_KERNEL);
+    if (!sdesc)
+        return ERR_PTR(-ENOMEM);
+    sdesc->tfm = alg;
+    return sdesc;
+}
+
+u8 *hmac_sha256(const u8 *data, unsigned data_len, const char *key, unsigned key_len)
+{
+    const char *hash_alg_name = "hmac(sha256)";
+    struct crypto_shash *shash;
+    int err;
+
+    shash = crypto_alloc_shash(hash_alg_name, 0, 0);
+
+    if (IS_ERR(shash))
+    {
+        printk(KERN_ERR "can't alloc alg %s\n", hash_alg_name);
+        return PTR_ERR(shash);
+    }
+
+    err = crypto_shash_setkey(shash, key, key_len);
+    if (err < 0)
+    {
+        printk(KERN_ERR "can't set key\n");
+        crypto_free_shash(shash);
+        return ERR_PTR(err);
+    }
+
+    struct shash_desc *desc = init_sdesc(shash);
+
+    u8 *out = kmalloc(crypto_shash_digestsize(shash), GFP_KERNEL);
+
+    printk("data: %.*s\n", data_len, data);
+
+    err = crypto_shash_digest(desc, data, data_len, out);
+
+    if (err < 0)
+    {
+        printk(KERN_ERR "can't digest\n");
+        crypto_free_shash(shash);
+        kfree(out);
+        kfree(desc);
+        return ERR_PTR(err);
+    }
+
+    crypto_free_shash(shash);
+    kfree(desc);
+
+    return out;
+}

src/device_driver.c

@@ -17,7 +17,7 @@
 
 #include "base64.h"
 #include "device_driver.h"
-#include "json.h"
+#include "parson/json.h"
 #include "opa.h"
 #include "proxywasm.h"
 #include "csr.h"