-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support loading RSAPSS public keys with parameters #268
Conversation
Parameters are stripped and the key is treated as a regular public key.
ccb902a
to
2ec52ab
Compare
@swift-server-bot add to allowlist |
Package.swift
Outdated
@@ -84,7 +84,9 @@ let package = Package( | |||
.library(name: "CCryptoBoringSSL", type: .static, targets: ["CCryptoBoringSSL"]), | |||
MANGLE_END */ | |||
], | |||
dependencies: [], | |||
dependencies: [ | |||
.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMajor(from: "1.2.0")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit:
.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMajor(from: "1.2.0")) | |
.package(url: "https://github.com/apple/swift-asn1.git", from: "1.2.0") |
// | ||
// | ||
// Created by Gautier Delorme on 24/09/2024. | ||
// |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add the license header that is present in other files and remove this header?
/// - Warning: Key sizes less than 2048 are not recommended and should only be used for compatibility reasons. | ||
public init<Bytes: DataProtocol>(unsafeDERRepresentation derRepresentation: Bytes) throws { | ||
self.backing = try BackingPublicKey(derRepresentation: derRepresentation) | ||
let sanitizedDer = try SubjectPublicKeyInfo.stripRsaPssParameters(derEncoded: [UInt8](derRepresentation)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a request for changes in this PR, but can you file an issue that asks us to move all our RSA key parsing into Swift ASN1? This is a pragmatic change for now, but as we're already parsing the key we should probably just stick with that now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this PR! I've left a few notes in the diff for cleaning up. |
return derEncoded | ||
} | ||
|
||
if spki.algorithmIdentifier.algorithm == .AlgorithmIdentifier.rsaPSS { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we turn this into a shortcut early return? If we don't have to make any modifications, we don't need to re-encode the key.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, this LGTM.
Thanks very much! |
Head branch was pushed to by a user without write access
Support loading RSA PSS public keys with parameters.
Checklist
If you've made changes to
gyb
files.script/generate_boilerplate_files_with_gyb
and included updated generated files in a commit of this pull requestMotivation:
Trying to load those keys currently fails.
Modifications:
Parameters are stripped and the key is treated as a regular public key.
Result:
_RSA.Signing.PublicKey()
works with RSA PSS keys with parameters.