lib: nrf_cloud: integrate app_jwt library

Replace internal JWT implementation with the app_jwt library.
Requires the usage of prime256v1 keys.

Signed-off-by: Maximilian Deubel <maximilian.deubel@nordicsemi.no>

Author: maxd-nordic

doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst

@@ -908,6 +908,7 @@ Libraries for networking
 
   * Added the :kconfig:option:`CONFIG_NRF_CLOUD` Kconfig option to prevent unintended inclusion of nRF Cloud Kconfig variables in non-nRF Cloud projects.
   * Updated to use the :ref:`lib_downloader` library for CoAP downloads.
+  * Updated to use the :ref:`lib_app_jwt` library to generate JWT tokens.
 
 Libraries for NFC
 -----------------

include/app_jwt.h

@@ -23,6 +23,7 @@ extern "C" {
 #include <stdint.h>
 #include <stdbool.h>
 #include <strings.h>
+#include <modem/modem_jwt.h>
 
 /** @brief Maximum size of a JWT string, could be used to allocate JWT
  *         output buffer.
@@ -44,25 +45,14 @@ extern "C" {
 /** @brief Size in bytes of each JWT String field */
 #define APP_JWT_CLAIM_MAX_SIZE 64
 
-/** @brief The type of key to be used for signing the JWT. */
-enum app_jwt_key_type {
-	JWT_KEY_TYPE_CLIENT_PRIV = 2,
-	JWT_KEY_TYPE_ENDORSEMENT = 8,
-};
-
-/** @brief JWT signing algorithm */
-enum app_jwt_alg_type {
-	JWT_ALG_TYPE_ES256 = 0,
-};
-
 /** @brief JWT parameters required for JWT generation and pointer to generated JWT */
 struct app_jwt_data {
 	/** Sec tag to use for JWT signing */
 	unsigned int sec_tag;
 	/** Key type in the specified sec tag */
-	enum app_jwt_key_type key_type;
+	enum jwt_key_type key_type;
 	/** JWT signing algorithm */
-	enum app_jwt_alg_type alg;
+	enum jwt_alg_type alg;
 
 	/**
 	 * Indicates if a 'kid' claim is required or not, if set to 1, 'kid' claim

lib/app_jwt/CMakeLists.txt

@@ -9,3 +9,5 @@ zephyr_library()
 zephyr_library_sources(
     app_jwt.c
 )
+
+zephyr_link_libraries(mbedTLS)

lib/app_jwt/Kconfig

@@ -6,7 +6,6 @@
 
 menuconfig APP_JWT
 	bool "Application JWT Library"
-	depends on SSF_CLIENT && SSF_PSA_CRYPTO_SERVICE_ENABLED && SSF_DEVICE_INFO_SERVICE_ENABLED
 	select BASE64
 	# Needed for time and date
 	select DATE_TIME
@@ -15,6 +14,7 @@ menuconfig APP_JWT
 	# Needed to print integer values in JSON
 	select CJSON_LIB
 	select CBPRINTF_FP_SUPPORT
+	select MBEDTLS
 
 if APP_JWT
 

lib/app_jwt/app_jwt.c

@@ -14,7 +14,11 @@
 #include <date_time.h>
 #include <psa/crypto.h>
 #include <psa/crypto_extra.h>
+#if defined(CONFIG_BOARD_NATIVE_SIM)
+#define IAK_APPLICATION_GEN1 0x41020100
+#else
 #include <psa/nrf_platform_key_ids.h>
+#endif
 
 #include <cJSON.h>
 

subsys/net/lib/nrf_cloud/Kconfig

@@ -103,14 +103,7 @@ config NRF_CLOUD_JWT_SOURCE_CUSTOM
 	select EXPERIMENTAL
 	select TLS_CREDENTIALS
 	select BASE64
-	select TINYCRYPT
-	select TINYCRYPT_SHA256
-	select TINYCRYPT_ECC_DSA
-	select TINYCRYPT_CTR_PRNG
-	select TINYCRYPT_AES
-	select CJSON_LIB
-	depends on NEWLIB_LIBC_FLOAT_PRINTF || PICOLIBC_IO_FLOAT
-	depends on DATE_TIME
+	select APP_JWT
 	help
 	  JWTs are created and signed by the nRF Cloud library, not the modem.
 	  The signing key is obtained from the TLS credentials module.