Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for RSA PSS and RS384 signatures #188

Merged
4 commits merged into from
Nov 18, 2019
Merged

Add support for RSA PSS and RS384 signatures #188

4 commits merged into from
Nov 18, 2019

Conversation

JohanObrink
Copy link
Contributor

#175
Throws if iOS version < 11.0

@Jonathan-Airside Jonathan-Airside requested review from a user November 7, 2019 14:05
@Jonathan-Airside
Copy link
Contributor

Hey @JohanObrink, thanks for your contribution. We will have a look and give feedback as soon as possible.

@JohanObrink
Copy link
Contributor Author

Oh... I forgot: Also adds support for RS384

Supported formats are:

RS256, RS384, RS512, PS256, PS384, PS512

Jose-ElRobot
Jose-ElRobot reviewed Nov 7, 2019
View reviewed changes
JOSESwift/Sources/CryptoImplementation/RSA.swift Outdated
} else {
return nil
}

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Lines should not have trailing whitespace.
trailing_whitespace RSA.swift:52

Jose-ElRobot
Jose-ElRobot reviewed Nov 7, 2019
View reviewed changes
JOSESwift/Sources/CryptoImplementation/RSA.swift Outdated
} else {
return nil
}

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Lines should not have trailing whitespace.
trailing_whitespace RSA.swift:59

Jose-ElRobot
Jose-ElRobot reviewed Nov 7, 2019
View reviewed changes
Tests/JWSRSATests.swift Outdated
@@ -103,5 +132,27 @@ class JWSRSATests: RSACryptoTestCase {
let signature = try! signer.sign(header: JWSHeader(algorithm: algorithm), payload: Payload(message.data(using: .utf8)!))
XCTAssertEqual(jws.signature.data(), signature)
}

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Lines should not have trailing whitespace.
trailing_whitespace JWSRSATests.swift:135

Jose-ElRobot
Jose-ElRobot reviewed Nov 7, 2019
View reviewed changes
Tests/RSACryptoTestCase.swift Outdated
@@ -45,6 +45,15 @@ class RSACryptoTestCase: CryptoTestCase {
XZa_Aj3LkNWn1GSw5B4WQueb8E0uJVAzLSNbxA-ZNowlOgDtKHOEkwbZu6zj7WvLEm8xovgmAha_y7HssoXnH26Nu-8RMUYw-LXUJz6Fny1F_xc\
v_TA
"""

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Lines should not have trailing whitespace.
trailing_whitespace RSACryptoTestCase.swift:48

@Jose-ElRobot
Copy link

Jose-ElRobot commented Nov 7, 2019
edited
Loading

1 Message
📖 Any non-trivial changes to code should be reflected in the changelog. Please consider adding a note in the Unreleased section of the CHANGELOG.md.

Generated by 🚫 Danger

@JohanObrink
Removed trailing spaces
7797952 
...to satisfy our Jose-ElRobot overlord
ghost
ghost reviewed Nov 7, 2019
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is awesome, great job @JohanObrink and thanks for the contribution. 🎉

I only had a couple of small comments. See below and let me know what you think!

JOSESwift/Sources/Algorithms.swift Outdated Show resolved Hide resolved
JOSESwift/Sources/CryptoImplementation/RSA.swift Show resolved Hide resolved
JOSESwift/Sources/CryptoImplementation/RSA.swift Show resolved Hide resolved
Tests/JWSRSATests.swift
@@ -63,6 +77,21 @@ class JWSRSATests: RSACryptoTestCase {
self.performTestRSADeserialization(algorithm: .RS512, compactSerializedJWS: compactSerializedJWSRS512Const)
}

@available(*, deprecated)
func testSignVerifyAndDeserializeForPS256() {
performTestRSASerializationValidationAndDeserialization(algorithm: .PS256)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also add an example serialization for each of the three RSASSA-PSS algorithms, similar to what we have for the RSASSA-PKCS1-v1_5 algorithms. Then you should be able to reuse the self.performTestRSASign and self.performTestRSADeserialization helper functions. I'd prefer that instead of this new testSignVerifyAndDeserializeForPS256 helper. Let me know if you disagree!

While looking at your code for performTestRSASerializationValidationAndDeserialization I noticed that we have an issue in self.performTestRSASign. See here: #189. You can just ignore that issue and use the function as you did for the RS384 test. I will fix #189 after merging your pull request.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The thing is that the signature will differ every time since PSS isn't determinate (it stands for Probabilistic Signing Signature). This means that it cannot be tested by comparison - only by validation. My understanding is that this is part of why it is recommended over the old signing scheme.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh stupid me, you're right of course.

In this case, please just remove this line from performTestRSASerializationValidationAndDeserialization:

XCTAssertEqual(compactSerializedJWS, compactSerializedJWS)

as it doesn't really do anything (this is the same issue as in #189).

Tests/JWSRSATests.swift Show resolved Hide resolved
ghost
ghost reviewed Nov 8, 2019
View reviewed changes
Copy link

@ghost ghost left a comment
edited by ghost
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the quick responses @JohanObrink!

Please just remove that one line mentioned above, and we should be good to go! 🚀

@JohanObrink
Copy link
Contributor Author

@daniel-mohemian I've been away for a couple of days so I couldn't address that. It's done now :)

@ghost
Copy link

ghost commented Nov 13, 2019

Nice that's perfect @JohanObrink. Somehow the build system is having some issues. I'll have a look into that tomorrow so that we can merge your pull request and release the changes.

Thanks for your contribution, I'll keep you posted on the status of the release. 👍

@ghost
Copy link

ghost commented Nov 18, 2019

I will fix the build issues through another pull request before the release. Thanks again for you contribution @JohanObrink. 🎉

@ghost ghost changed the title Adds support for RSA PSS Signatures Add support for RSA PSS Signatures Nov 18, 2019
@ghost ghost changed the title Add support for RSA PSS Signatures Add support for RSA PSS and RS384 signatures Nov 18, 2019
@ghost ghost merged commit 6acdbca into airsidemobile:master Nov 18, 2019
@ghost ghost mentioned this pull request Nov 18, 2019
Merged
@ghost
Copy link

ghost commented Nov 26, 2019

A bit late, but there we go: 2.0.0. 🎉

@ghost ghost mentioned this pull request Feb 13, 2020
Closed
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jose-ElRobot Jose-ElRobot Jose-ElRobot left review comments

Assignees

@JohanObrink JohanObrink

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@JohanObrink @Jonathan-Airside @Jose-ElRobot