Merge pull request #1 from airsidemobile/master

Merge origin master in

.gitignore

@@ -1,9 +1,25 @@
+
+# Created by https://www.gitignore.io/api/xcode,macos,carthage,cocoapods
+
+### Carthage ###
+# Carthage
 #
-# macOS
-#
+# Add this line if you want to avoid checking in source code from Carthage dependencies.
+# Carthage/Checkouts
+
+Carthage/Build
 
+### CocoaPods ###
+## CocoaPods GitIgnore Template
+
+# CocoaPods - Only use to conserve bandwidth / Save time on Pushing
+#           - Also handy if you have a large number of dependant pods
+#           - AS PER https://guides.cocoapods.org/using/using-cocoapods.html NEVER IGNORE THE LOCK FILE
+Pods/
+
+### macOS ###
 # General
-*.DS_Store
+.DS_Store
 .AppleDouble
 .LSOverride
 
@@ -29,15 +45,22 @@ Network Trash Folder
 Temporary Items
 .apdisk
 
-#
+### Xcode ###
 # Xcode
 #
+# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
 
-## Build generated
+## User settings
+xcuserdata/
+
+## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9)
+*.xcscmblueprint
+*.xccheckout
+
+## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4)
 build/
 DerivedData/
-
-## Various settings
+*.moved-aside
 *.pbxuser
 !default.pbxuser
 *.mode1v3
@@ -46,58 +69,13 @@ DerivedData/
 !default.mode2v3
 *.perspectivev3
 !default.perspectivev3
-xcuserdata/
-**/xcuserdata/
-
-## Other
-*.moved-aside
-*.xccheckout
-*.xcscmblueprint
 
-## Obj-C/Swift specific
-*.hmap
-*.ipa
-*.dSYM.zip
-*.dSYM
+### Xcode Patch ###
+*.xcodeproj/*
+!*.xcodeproj/project.pbxproj
+!*.xcodeproj/xcshareddata/
+!*.xcworkspace/contents.xcworkspacedata
+/*.gcno
 
-## Playgrounds
-timeline.xctimeline
-playground.xcworkspace
 
-# Swift Package Manager
-#
-# Add this line if you want to avoid checking in source code from Swift Package Manager dependencies.
-# Packages/
-# Package.pins
-.build/
-
-# CocoaPods
-#
-# We recommend against adding the Pods directory to your .gitignore. However
-# you should judge for yourself, the pros and cons are mentioned at:
-# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
-#
-Pods/
-
-# Carthage
-#
-# Add this line if you want to avoid checking in source code from Carthage dependencies.
-# Carthage/Checkouts
-
-Carthage/Build
-
-# fastlane
-#
-# It is recommended to not store the screenshots in the git repo. Instead, use fastlane to re-generate the
-# screenshots whenever they are needed.
-# For more information about the recommended setup visit:
-# https://docs.fastlane.tools/best-practices/source-control/#source-control
-
-fastlane/report.xml
-fastlane/Preview.html
-fastlane/screenshots
-fastlane/test_output
-/test_output
-
-.idea/
-sonar-reports/
+# End of https://www.gitignore.io/api/xcode,macos,carthage,cocoapods

JOSESwift.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

JOSESwift/Sources/AESDecrypter.swift

@@ -25,7 +25,15 @@ import Foundation
 
 /// A `SymmetricDecrypter` to decrypt a cipher text with an `AES` algorithm.
 internal struct AESDecrypter: SymmetricDecrypter {
+    typealias KeyType = AES.KeyType
+
     let algorithm: SymmetricKeyAlgorithm
+    let symmetricKey: KeyType?
+
+    init(algorithm: SymmetricKeyAlgorithm, symmetricKey: KeyType? = nil) {
+        self.algorithm = algorithm
+        self.symmetricKey = symmetricKey
+    }
 
     func decrypt(_ context: SymmetricDecryptionContext, with symmetricKey: Data) throws -> Data {
         // Check if the key length contains both HMAC key and the actual symmetric key.

JOSESwift/Sources/AESEncrypter.swift

@@ -25,7 +25,15 @@ import Foundation
 
 /// A `SymmetricEncrypter` to encrypt plaintext with an `AES` algorithm.
 internal struct AESEncrypter: SymmetricEncrypter {
+    typealias KeyType = AES.KeyType
+
     let algorithm: SymmetricKeyAlgorithm
+    let symmetricKey: KeyType?
+
+    init(algorithm: SymmetricKeyAlgorithm, symmetricKey: KeyType? = nil) {
+        self.algorithm = algorithm
+        self.symmetricKey = symmetricKey
+    }
 
     func encrypt(_ plaintext: Data, with symmetricKey: Data, additionalAuthenticatedData: Data) throws -> SymmetricEncryptionContext {
         // Generate random intitialization vector.

JOSESwift/Sources/Algorithms.swift

@@ -34,8 +34,10 @@ public enum SignatureAlgorithm: String {
 /// An algorithm for asymmetric encryption and decryption.
 ///
 /// - RSA1_5: [RSAES-PKCS1-v1_5](https://tools.ietf.org/html/rfc7518#section-4.2)
+/// - direct: [Direct Encryption with a Shared Symmetric Key](https://tools.ietf.org/html/rfc7518#section-4.5)
 public enum AsymmetricKeyAlgorithm: String {
     case RSA1_5 = "RSA1_5"
+    case direct = "dir"
 }
 
 /// An algorithm for symmetric encryption and decryption.

JOSESwift/Sources/CryptoImplementation/AES.swift

@@ -47,6 +47,8 @@ fileprivate extension SymmetricKeyAlgorithm {
 }
 
 internal struct AES {
+    typealias KeyType = Data
+
     /// Encrypts a plain text using a given `AES` algorithm, the corresponding symmetric key and an initialization vector.
     ///
     /// - Parameters:
@@ -56,7 +58,7 @@ internal struct AES {
     ///   - initializationVector: The initial block.
     /// - Returns: The cipher text (encrypted plain text).
     /// - Throws: `AESError` if any error occurs during encryption.
-    static func encrypt(plaintext: Data, with encryptionKey: Data, using algorithm: SymmetricKeyAlgorithm, and initializationVector: Data) throws -> Data {
+    static func encrypt(plaintext: Data, with encryptionKey: KeyType, using algorithm: SymmetricKeyAlgorithm, and initializationVector: Data) throws -> Data {
         switch algorithm {
         case .A256CBCHS512:
             guard algorithm.checkAESKeyLength(for: encryptionKey) else {

JOSESwift/Sources/CryptoImplementation/DataSymmetricKey.swift

@@ -0,0 +1,34 @@
+//
+//  DataSymmetricKey.swift
+//  JOSESwift
+//
+//  Created by Daniel Egger on 10.07.18.
+//
+//  ---------------------------------------------------------------------------
+//  Copyright 2018 Airside Mobile Inc.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//  ---------------------------------------------------------------------------
+//
+
+import Foundation
+
+extension Data: ExpressibleAsSymmetricKeyComponents {
+    public static func representing(symmetricKeyComponents components: SymmetricKeyComponents) throws -> Data {
+        return components
+    }
+
+    public func symmetricKeyComponents() throws -> SymmetricKeyComponents {
+        return self
+    }
+}

JOSESwift/Sources/CryptoImplementation/RSA.swift

@@ -50,6 +50,8 @@ fileprivate extension AsymmetricKeyAlgorithm {
         switch self {
         case .RSA1_5:
             return .rsaEncryptionPKCS1
+        default:
+            return nil
         }
     }
 
@@ -60,14 +62,18 @@ fileprivate extension AsymmetricKeyAlgorithm {
         case .RSA1_5:
             // For detailed information about the allowed plain text length for RSAES-PKCS1-v1_5,
             // please refer to the RFC(https://tools.ietf.org/html/rfc3447#section-7.2).
-            return plainText.count < (SecKeyGetBlockSize(publicKey) - 11)
+            return plainText.count <= (SecKeyGetBlockSize(publicKey) - 11)
+        default:
+            return false
         }
     }
 
     func isCipherTextLenghtSatisfied(_ cipherText: Data, for privateKey: SecKey) -> Bool {
         switch self {
         case .RSA1_5:
             return cipherText.count == SecKeyGetBlockSize(privateKey)
+        default:
+            return false
         }
     }
 }

JOSESwift/Sources/CryptoImplementation/SecureRandom.swift

@@ -24,17 +24,17 @@
 import Foundation
 import Security
 
-internal enum SecureRandomError: Error {
+public enum SecureRandomError: Error {
     case failed(status: OSStatus)
 }
 
-internal struct SecureRandom {
+public struct SecureRandom {
     /// Generates secure random data with a given count.
     ///
     /// - Parameter count: The count of the random generated data.
     /// - Returns: The random generated data.
     /// - Throws: `SecureRandomError` if any error occurs during generation of secure random bytes. 
-    internal static func generate(count: Int) throws -> Data {
+    public static func generate(count: Int) throws -> Data {
         var generatedRandom = Data(count: count)
 
         let randomGenerationStatus = generatedRandom.withUnsafeMutableBytes { mutableRandomBytes in

JOSESwift/Sources/DataExtensions.swift

@@ -28,7 +28,7 @@ extension Data {
     ///
     /// - Parameter base64URLString: The base64url encoded string to parse.
     /// - Returns: `nil` if the input is not recognized as valid base64url.
-    init?(base64URLEncoded base64URLString: String) {
+    public init?(base64URLEncoded base64URLString: String) {
         var s = base64URLString
             .replacingOccurrences(of: "-", with: "+")
             .replacingOccurrences(of: "_", with: "/")
@@ -48,7 +48,7 @@ extension Data {
     ///
     /// - Parameter base64URLData: The base64url, UTF-8 encoded data.
     /// - Returns: `nil` if the input is not recognized as valid base64url.
-    init?(base64URLEncoded base64URLData: Data) {
+    public init?(base64URLEncoded base64URLData: Data) {
         guard let s = String(data: base64URLData, encoding: .utf8) else {
             return nil
         }
@@ -59,7 +59,7 @@ extension Data {
     /// Returns a base64url encoded string.
     ///
     /// - Returns: The base64url encoded string.
-    func base64URLEncodedString() -> String {
+    public func base64URLEncodedString() -> String {
         let s = self.base64EncodedString()
         return s
             .replacingOccurrences(of: "=", with: "")
@@ -70,7 +70,7 @@ extension Data {
     /// Returns base64url encoded data.
     ///
     /// - Returns: The base64url encoded data.
-    func base64URLEncodedData() -> Data {
+    public func base64URLEncodedData() -> Data {
         // UTF-8 can represent [all Unicode characters](https://en.wikipedia.org/wiki/UTF-8), so this 
         // forced unwrap is safe. See also [this](https://stackoverflow.com/a/46152738/5233456) SO answer.
         return self.base64URLEncodedString().data(using: .utf8)!