[Collections] Signing (part 2): signed collections

This is part 2 of a series of PRs to support package collection signing.

Depends on [part 1](swiftlang#3241)

Modifications:

Add support for signing with EC and RSA keys

Author: yim-lee

Sources/PackageCollectionsSigning/CMakeLists.txt

@@ -12,6 +12,10 @@ add_library(PackageCollectionsSigning
   Key/Key.swift
   Key/Key+EC.swift
   Key/Key+RSA.swift
+  Signing/BoringSSLSigning.swift
+  Signing/Signing.swift
+  Signing/Signing+ECKey.swift
+  Signing/Signing+RSAKey.swift
   Utilities/Utilities.swift)
 target_link_libraries(PackageCollectionsSigning PUBLIC
    $<$<NOT:$<PLATFORM_ID:Darwin>>:dispatch>

Sources/PackageCollectionsSigning/Key/Key.swift

@@ -10,15 +10,15 @@
 
 import Foundation
 
-protocol PrivateKey {
+protocol PrivateKey: MessageSigner {
     /// Creates a private key from PEM.
     ///
     /// - Parameters:
     ///   - pem: The key in PEM format, including the `-----BEGIN` and `-----END` lines.
     init<Data>(pem data: Data) throws where Data: DataProtocol
 }
 
-protocol PublicKey {
+protocol PublicKey: MessageValidator {
     /// Creates a public key from raw bytes.
     ///
     /// Refer to implementation for details on what representation the raw bytes should be.

Sources/PackageCollectionsSigning/Signing/BoringSSLSigning.swift

@@ -0,0 +1,63 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the Vapor open source project
+//
+// Copyright (c) 2017-2020 Vapor project authors
+// Licensed under MIT
+//
+// See LICENSE for license information
+//
+// SPDX-License-Identifier: MIT
+//
+//===----------------------------------------------------------------------===//
+
+#if !(os(macOS) || os(iOS) || os(watchOS) || os(tvOS))
+import Foundation
+
+@_implementationOnly import CCryptoBoringSSL
+
+protocol BoringSSLSigning {}
+
+extension BoringSSLSigning {
+    // Source: https://github.com/vapor/jwt-kit/blob/master/Sources/JWTKit/Utilities/OpenSSLSigner.swift
+    func digest<Message>(_ message: Message, algorithm: OpaquePointer) throws -> [UInt8] where Message: DataProtocol {
+        let context = CCryptoBoringSSL_EVP_MD_CTX_new()
+        defer { CCryptoBoringSSL_EVP_MD_CTX_free(context) }
+
+        guard CCryptoBoringSSL_EVP_DigestInit_ex(context, algorithm, nil) == 1 else {
+            throw BoringSSLSigningError.digestInitializationFailure
+        }
+
+        let message = message.copyBytes()
+
+        guard CCryptoBoringSSL_EVP_DigestUpdate(context, message, numericCast(message.count)) == 1 else {
+            throw BoringSSLSigningError.digestUpdateFailure
+        }
+
+        var digest: [UInt8] = .init(repeating: 0, count: Int(EVP_MAX_MD_SIZE))
+        var digestLength: UInt32 = 0
+
+        guard CCryptoBoringSSL_EVP_DigestFinal_ex(context, &digest, &digestLength) == 1 else {
+            throw BoringSSLSigningError.digestFinalizationFailure
+        }
+
+        return .init(digest[0 ..< Int(digestLength)])
+    }
+}
+
+enum BoringSSLSigningError: Error {
+    case digestInitializationFailure
+    case digestUpdateFailure
+    case digestFinalizationFailure
+}
+#endif

Sources/PackageCollectionsSigning/Signing/Signing+ECKey.swift

@@ -0,0 +1,28 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+import struct Foundation.Data
+
+import Crypto
+
+// MARK: - MessageSigner and MessageValidator conformance
+
+extension ECPrivateKey {
+    func sign(message: Data) throws -> Data {
+        let signature = try self.underlying.signature(for: SHA256.hash(data: message))
+        return signature.rawRepresentation
+    }
+}
+
+extension ECPublicKey {
+    func isValidSignature(_ signature: Data, for message: Data) throws -> Bool {
+        return try self.underlying.isValidSignature(.init(rawRepresentation: signature), for: SHA256.hash(data: message))
+    }
+}

Sources/PackageCollectionsSigning/Signing/Signing+RSAKey.swift

@@ -0,0 +1,112 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the Vapor open source project
+//
+// Copyright (c) 2017-2020 Vapor project authors
+// Licensed under MIT
+//
+// See LICENSE for license information
+//
+// SPDX-License-Identifier: MIT
+//
+//===----------------------------------------------------------------------===//
+
+import struct Foundation.Data
+
+#if os(macOS) || os(iOS) || os(watchOS) || os(tvOS)
+import Security
+#else
+@_implementationOnly import CCryptoBoringSSL
+#endif
+
+// MARK: - MessageSigner and MessageValidator conformance using the Security framework
+
+#if os(macOS) || os(iOS) || os(watchOS) || os(tvOS)
+extension CoreRSAPrivateKey {
+    func sign(message: Data) throws -> Data {
+        var error: Unmanaged<CFError>?
+        guard let signature = SecKeyCreateSignature(self.underlying,
+                                                    .rsaSignatureMessagePKCS1v15SHA256,
+                                                    message as CFData,
+                                                    &error) as Data? else {
+            throw error.map { $0.takeRetainedValue() as Error } ?? SigningError.signFailure
+        }
+        return signature
+    }
+}
+
+extension CoreRSAPublicKey {
+    func isValidSignature(_ signature: Data, for message: Data) throws -> Bool {
+        SecKeyVerifySignature(
+            self.underlying,
+            .rsaSignatureMessagePKCS1v15SHA256,
+            message as CFData,
+            signature as CFData,
+            nil // no-match is considered an error as well so we would rather not trap it
+        )
+    }
+}
+
+// MARK: - MessageSigner and MessageValidator conformance using BoringSSL
+
+#else
+// Reference: https://github.com/vapor/jwt-kit/blob/master/Sources/JWTKit/RSA/RSASigner.swift
+extension BoringSSLRSAPrivateKey: BoringSSLSigning {
+    func sign(message: Data) throws -> Data {
+        guard let algorithm = CCryptoBoringSSL_EVP_sha256() else {
+            throw SigningError.algorithmFailure
+        }
+
+        let digest = try self.digest(message, algorithm: algorithm)
+
+        var signatureLength: UInt32 = 0
+        var signature = [UInt8](
+            repeating: 0,
+            count: Int(CCryptoBoringSSL_RSA_size(self.underlying))
+        )
+
+        guard CCryptoBoringSSL_RSA_sign(
+            CCryptoBoringSSL_EVP_MD_type(algorithm),
+            digest,
+            numericCast(digest.count),
+            &signature,
+            &signatureLength,
+            self.underlying
+        ) == 1 else {
+            throw SigningError.signFailure
+        }
+
+        return Data(signature[0 ..< numericCast(signatureLength)])
+    }
+}
+
+extension BoringSSLRSAPublicKey: BoringSSLSigning {
+    func isValidSignature(_ signature: Data, for message: Data) throws -> Bool {
+        guard let algorithm = CCryptoBoringSSL_EVP_sha256() else {
+            throw SigningError.algorithmFailure
+        }
+
+        let digest = try self.digest(message, algorithm: algorithm)
+        let signature = signature.copyBytes()
+
+        return CCryptoBoringSSL_RSA_verify(
+            CCryptoBoringSSL_EVP_MD_type(algorithm),
+            digest,
+            numericCast(digest.count),
+            signature,
+            numericCast(signature.count),
+            self.underlying
+        ) == 1
+    }
+}
+#endif

Sources/PackageCollectionsSigning/Signing/Signing.swift

@@ -0,0 +1,35 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+import struct Foundation.Data
+
+protocol MessageSigner {
+    /// Signs a message.
+    ///
+    /// - Returns:The message's signature.
+    ///
+    /// - Parameters:
+    ///   - message: The message to sign.
+    func sign(message: Data) throws -> Data
+}
+
+protocol MessageValidator {
+    /// Checks if a signature is valid for a message.
+    ///
+    /// - Parameters:
+    ///   - signature: The signature to verify.
+    ///   - message: The message to check signature for.
+    func isValidSignature(_ signature: Data, for message: Data) throws -> Bool
+}
+
+enum SigningError: Error {
+    case signFailure
+    case algorithmFailure
+}

Tests/PackageCollectionsSigningTests/SigningTests+ECKey.swift

@@ -0,0 +1,36 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+import Foundation
+import XCTest
+
+@testable import PackageCollectionsSigning
+
+class ECKeySigningTests: XCTestCase {
+    func test_signAndValidate_happyCase() throws {
+        let privateKey = try ECPrivateKey(pem: ecPrivateKey.bytes)
+        let publicKey = try ECPublicKey(pem: ecPublicKey.bytes)
+
+        let message = try JSONEncoder().encode(["foo": "bar"])
+        let signature = try privateKey.sign(message: message)
+        XCTAssertTrue(try publicKey.isValidSignature(signature, for: message))
+    }
+
+    func test_signAndValidate_mismatch() throws {
+        let privateKey = try ECPrivateKey(pem: ecPrivateKey.bytes)
+        let publicKey = try ECPublicKey(pem: ecPublicKey.bytes)
+
+        let jsonEncoder = JSONEncoder()
+        let message = try jsonEncoder.encode(["foo": "bar"])
+        let otherMessage = try jsonEncoder.encode(["foo": "baz"])
+        let signature = try privateKey.sign(message: message)
+        XCTAssertFalse(try publicKey.isValidSignature(signature, for: otherMessage))
+    }
+}

Tests/PackageCollectionsSigningTests/SigningTests+RSAKey.swift

@@ -0,0 +1,36 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+import Foundation
+import XCTest
+
+@testable import PackageCollectionsSigning
+
+class RSAKeySigningTests: XCTestCase {
+    func test_signAndValidate_happyCase() throws {
+        let privateKey = try RSAPrivateKey(pem: rsaPrivateKey.bytes)
+        let publicKey = try RSAPublicKey(pem: rsaPublicKey.bytes)
+
+        let message = try JSONEncoder().encode(["foo": "bar"])
+        let signature = try privateKey.sign(message: message)
+        XCTAssertTrue(try publicKey.isValidSignature(signature, for: message))
+    }
+
+    func test_signAndValidate_mismatch() throws {
+        let privateKey = try RSAPrivateKey(pem: rsaPrivateKey.bytes)
+        let publicKey = try RSAPublicKey(pem: rsaPublicKey.bytes)
+
+        let jsonEncoder = JSONEncoder()
+        let message = try jsonEncoder.encode(["foo": "bar"])
+        let otherMessage = try jsonEncoder.encode(["foo": "baz"])
+        let signature = try privateKey.sign(message: message)
+        XCTAssertFalse(try publicKey.isValidSignature(signature, for: otherMessage))
+    }
+}