lib: nrf_cloud: integrate app_jwt library

Replace internal JWT implementation with the app_jwt library.
Requires the usage of prime256v1 keys.

Signed-off-by: Maximilian Deubel <[email protected]>

Author: maxd-nordic

doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst

@@ -964,7 +964,11 @@ Libraries for networking
 * :ref:`lib_nrf_cloud` library:
 
   * Added the :kconfig:option:`CONFIG_NRF_CLOUD` Kconfig option to prevent unintended inclusion of nRF Cloud Kconfig variables in non-nRF Cloud projects.
-  * Updated to use the :ref:`lib_downloader` library for CoAP downloads.
+
+  * Updated:
+
+    * To use the :ref:`lib_downloader` library for CoAP downloads.
+    * To use the :ref:`lib_app_jwt` library to generate JWT tokens.
 
 Libraries for NFC
 -----------------

lib/app_jwt/CMakeLists.txt

@@ -9,3 +9,5 @@ zephyr_library()
 zephyr_library_sources(
     app_jwt.c
 )
+
+zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)

lib/app_jwt/Kconfig

@@ -6,7 +6,6 @@
 
 menuconfig APP_JWT
 	bool "Application JWT Library"
-	depends on SSF_CLIENT && SSF_PSA_CRYPTO_SERVICE_ENABLED && SSF_DEVICE_INFO_SERVICE_ENABLED
 	select BASE64
 	# Needed for time and date
 	select DATE_TIME
@@ -15,6 +14,10 @@ menuconfig APP_JWT
 	# Needed to print integer values in JSON
 	select CJSON_LIB
 	select CBPRINTF_FP_SUPPORT
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+	select PSA_WANT_ALG_ECDSA
+	select PSA_WANT_ECC_SECP_R1_256
+	select PSA_WANT_ALG_SHA_256
 
 if APP_JWT
 

subsys/net/lib/nrf_cloud/Kconfig

@@ -103,14 +103,7 @@ config NRF_CLOUD_JWT_SOURCE_CUSTOM
 	select EXPERIMENTAL
 	select TLS_CREDENTIALS
 	select BASE64
-	select TINYCRYPT
-	select TINYCRYPT_SHA256
-	select TINYCRYPT_ECC_DSA
-	select TINYCRYPT_CTR_PRNG
-	select TINYCRYPT_AES
-	select CJSON_LIB
-	depends on NEWLIB_LIBC_FLOAT_PRINTF || PICOLIBC_IO_FLOAT
-	depends on DATE_TIME
+	select APP_JWT
 	help
 	  JWTs are created and signed by the nRF Cloud library, not the modem.
 	  The signing key is obtained from the TLS credentials module.