jayteemo · jayteemo · Sep 22, 2023 · Sep 22, 2023 · Jan 23, 2024 · Jan 23, 2024
diff --git a/include/modem/modem_jwt.h b/include/modem/modem_jwt.h
@@ -9,6 +9,7 @@
 
 #include <zephyr/types.h>
 #include <modem/modem_attest_token.h>
+#include <net/nrf_jwt.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -23,47 +24,6 @@ extern "C" {
  *
  */
 
-/**@brief The type of key to be used for signing the JWT. */
-enum jwt_key_type {
-	JWT_KEY_TYPE_CLIENT_PRIV = 2,
-	JWT_KEY_TYPE_ENDORSEMENT = 8,
-};
-
-/**@brief JWT signing algorithm */
-enum jwt_alg_type {
-	JWT_ALG_TYPE_ES256 = 0,
-};
-
-/** @brief JWT parameters required for JWT generation and pointer to generated JWT */
-struct jwt_data {
-	/** Modem sec tag to use for JWT signing */
-	unsigned int sec_tag;
-	/** Key type in the specified sec tag */
-	enum jwt_key_type key;
-	/** JWT signing algorithm */
-	enum jwt_alg_type alg;
-
-	/** Defines how long the JWT will be valid; in seconds (from generation).
-	 * The 'iat' and 'exp' claims will be populated only if the modem has a
-	 * valid date and time.
-	 */
-	uint32_t exp_delta_s;
-
-	/**  NULL terminated 'sub' claim; the principal that is the subject of the JWT */
-	const char *subject;
-	/**  NULL terminated 'aud' claim; intended recipient of the JWT */
-	const char *audience;
-
-	/** Buffer to which the NULL terminated JWT will be copied.
-	 * If a buffer is provided by the user, the size must also be set.
-	 * If buffer is NULL, memory will be allocated and user must free memory
-	 * when finished by calling @ref modem_jwt_free.
-	 */
-	char *jwt_buf;
-	/** Size of the user provided buffer or size of the allocated buffer */
-	size_t jwt_sz;
-};
-
 /**
  * @brief Generates a JWT using the supplied parameters. If successful,
  * the JWT string will be stored in the supplied struct.

diff --git a/include/net/nrf_cloud_coap.h b/include/net/nrf_cloud_coap.h
@@ -16,8 +16,10 @@ extern "C" {
 #endif
 
 #include <net/nrf_cloud_rest.h>
+#if defined(CONFIG_NRF_MODEM_LIB)
 #include <net/nrf_cloud_agnss.h>
 #include <net/nrf_cloud_pgps.h>
+#endif
 #include <net/nrf_cloud_codec.h>
 
 /**

diff --git a/include/net/nrf_jwt.h b/include/net/nrf_jwt.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+#ifndef NRF_JWT_H__
+#define NRF_JWT_H__
+
+#include <zephyr/types.h>
+#include <psa/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**@brief Source of the signing key */
+enum nrf_jwt_key_src {
+	NRF_JWT_KEY_SRC_MODEM,
+	NRF_JWT_KEY_SRC_PSA,
+	NRF_JWT_KEY_SRC_DER
+};
+
+/* Only ES256 is supported */
+#define NRF_JWT_KEY_DER_SZ 32
+
+/**@brief The type of key to be used for signing the JWT. */
+enum jwt_key_type {
+	JWT_KEY_TYPE_CLIENT_PRIV = 2,
+	JWT_KEY_TYPE_ENDORSEMENT = 8,
+};
+
+/**@brief JWT signing algorithm */
+enum jwt_alg_type {
+	JWT_ALG_TYPE_ES256 = 0,
+};
+
+/** @brief JWT parameters required for JWT generation and pointer to generated JWT */
+struct jwt_data {
+	enum nrf_jwt_key_src key_src;
+
+	/** For NRF_JWT_KEY_SRC_PSA types: PSA key handle of JWT signing key */
+	psa_key_handle_t signing_key_h;
+
+	/** For NRF_JWT_KEY_SRC_DER types:
+	 *    Raw private key of size NRF_JWT_KEY_DER_SZ.
+	 */
+	char *der;
+
+	/** For NRF_JWT_KEY_SRC_MODEM types:
+	 *    Modem sec tag to use for JWT signing
+	 */
+	unsigned int sec_tag;
+	/** For NRF_JWT_KEY_SRC_MODEM types:
+	 *    Key type in the specified sec tag */
+	enum jwt_key_type key;
+
+	/** JWT signing algorithm */
+	enum jwt_alg_type alg;
+
+	/** JWT expiration time/date; epoch seconds. If 0, 'exp' claim is
+	 * controlled by the exp_delta_s value.
+	 * Not used for NRF_JWT_KEY_SRC_MODEM types.
+	 */
+	int64_t exp_time_s;
+
+	/** Defines how long the JWT will be valid; in seconds (from generation).
+	 * For NRF_JWT_KEY_SRC_MODEM types:
+	 *    The 'iat' and 'exp' claims will be populated only if the modem has a
+	 *    valid date and time.
+	 * For other types:
+	 *    This value is used only if exp_time_s is 0.
+	 *    The DATE_TIME library must be enabled and able to obtain a valid date and time.
+	 */
+	uint32_t exp_delta_s;
+
+	/**  NULL terminated 'sub' claim; the principal that is the subject of the JWT */
+	const char *subject;
+	/**  NULL terminated 'aud' claim; intended recipient of the JWT */
+	const char *audience;
+
+	/** Buffer to which the NULL terminated JWT will be copied.
+	 * If a buffer is provided by the user, the size must also be set.
+	 * If buffer is NULL, memory will be allocated and user must free memory
+	 * when finished by calling @ref nrf_jwt_free.
+	 */
+	char *jwt_buf;
+	/** Size of the user provided buffer or size of the allocated buffer */
+	size_t jwt_sz;
+};
+
+int nrf_jwt_generate(struct jwt_data *const jwt);
+
+/**
+ * @brief Frees the JWT buffer.
+ *
+ * @param[in] jwt_buf Pointer to JWT struct containing allocated JWT buffer.
+ */
+void nrf_jwt_free(struct jwt_data *const jwt);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MODEM_JWT_H__ */
diff --git a/samples/cellular/nrf_cloud_multi_service/CMakeLists.txt b/samples/cellular/nrf_cloud_multi_service/CMakeLists.txt
@@ -10,8 +10,9 @@ find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
 project(nrf_cloud_multi_service)
 zephyr_compile_definitions(PROJECT_NAME=${PROJECT_NAME})
 
-# Include certs files if enabled.
-zephyr_include_directories_ifdef(CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES certs)
+if(CONFIG_NRF_CLOUD_COAP_WIFI_ADD_CREDS_FROM_FILE OR CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES)
+	zephyr_include_directories(certs)
+endif()
 
 # NORDIC SDK APP START
 target_sources(app PRIVATE src/main.c)