Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add default value for signature algorithm #221

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add default value for signature algorithm #221

wants to merge 4 commits into from

Conversation

baarde
Copy link
Contributor

@baarde baarde commented Jan 15, 2025

Most of the time, the signature algorithm that should be used is dictated by the type of the private key.

  • Ed25519 keys support only one signature algorithm.
  • RFC 5753 section 8 recommends that "[the P-256 curve] be used with SHA-256; the P-384 curve be used with SHA-384; and the P-521 curve be used with SHA-512".
  • RSA keys support 4 signature algorithms. But most people use RSA with SHA-256 and nobody should use RSA with SHA-1 anymore.

More over, Certificate.PrivateKey is opaque to the user, who may not know what type of private key they're using and what the appropriate signature algorithm is.

For those reasons, we add convenience wrappers around methods with a signature algorithm to provide a reasonable default value.

Lukasa
Lukasa reviewed Jan 16, 2025
View reviewed changes
Copy link
Contributor

@Lukasa Lukasa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this! The patch is generally really good, I just left a few doc comment notes and an ask for more tests.

Sources/X509/Certificate.swift Show resolved Hide resolved
Sources/X509/CSR/CertificateSigningRequest.swift Show resolved Hide resolved
Tests/X509Tests/CertificateTests.swift
extensions: Certificate.Extensions {},
issuerPrivateKey: privateKey
)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know it's a bit of a chore, but can we get equivalent tests for the CMS and CSR use-cases as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's done. One test is currently failing, but that should be addressed by #220.

@baarde
Add support for Ed25519 to CMS
d747208 
Contrary to RSA and ECDSA that take a SHA digest of the message as their input, Ed25519 uses the original message when computing the signature. For this reason, no digest algorithm was previously defined for the Ed25519 signature algorithm. However CMS requires a digest algorithm to be present in the SignerInfo. Therefore creating a CMS signature using a Ed25519 private key would previously fail.

Per RFC 8419 section 2.3, "When signing with Ed25519, the message digest algorithm MUST be SHA-512".

AlgorithmIdentifier.init(digestAlgorithmFor:) has been updated accordingly.

Signature operations have been updated to delegate the validation of the signature algorithm and the computation of the message digest (when relevant) to the underlying key.
@baarde baarde force-pushed the default-signature-algorithm branch from bfb155e to 6bbb4fb Compare January 19, 2025 15:32
@baarde baarde requested a review from Lukasa January 19, 2025 15:33
Lukasa
Lukasa approved these changes Jan 21, 2025
View reviewed changes
Copy link
Contributor

@Lukasa Lukasa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice, this looks great.

@Lukasa Lukasa added the 🆕 semver/minor Adds new public API. label Jan 21, 2025
@Lukasa
Copy link
Contributor

Lukasa commented Jan 21, 2025

Looks like there's a few format issues to fix up.

@baarde
Copy link
Contributor Author

baarde commented Jan 21, 2025
edited
Loading

OK, I've finally added swift fomat lint as a pre-commit hook. 😅

@Lukasa
Copy link
Contributor

Lukasa commented Jan 22, 2025

Hah, sorry for that! The pain points of automation I suppose.

@Lukasa Lukasa enabled auto-merge (squash) January 22, 2025 18:16
@Lukasa
Copy link
Contributor

Lukasa commented Jan 22, 2025

Looks like we have some test failures here.

@baarde
Add default value for signature algorithm
8f8ee07 
Most of the time, the signature algorithm that should be used is dictated by the type of the private key.

* Ed25519 keys support only one signature algorithm.
* RFC 5753 section 8 recommends that "[the P-256 curve] be used with SHA-256; the P-384 curve be used with SHA-384; and the P-521 curve be used with SHA-512".
* RSA keys support 4 signature algorithms. But most people use RSA with SHA-256 and nobody should use RSA with SHA-1 anymore.

More over, Certificate.PrivateKey is opaque to the user, who may not know what type of private key they're using and what the appropriate signature algorithm is.

For those reasons, we add convenience wrappers around methods with a signature algorithm to provide a reasonable default value.
@baarde
Copy link
Contributor Author

baarde commented Jan 22, 2025

That's the problem of putting my commits in independent PRs: CMS signature with Ed25519 doesn't work (yet). 😅

I've rebased on top of #220. This fixes the tests.

auto-merge was automatically disabled January 22, 2025 20:56

Head branch was pushed to by a user without write access

@baarde baarde force-pushed the default-signature-algorithm branch from 849158f to 8f8ee07 Compare January 22, 2025 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lukasa Lukasa Lukasa approved these changes

Assignees
No one assigned
Labels
🆕 semver/minor Adds new public API.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@baarde @Lukasa