-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add ES256, ES384 and ES512 support #40
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good, some doc comments, and also an API question on the use of String for curve
/ curveId
README.md
Outdated
@@ -176,6 +178,11 @@ The supported algorithms for signing and verifying JWTs are: | |||
* HS512 - HMAC using using SHA-512 | |||
* none - Don't sign or verify the JWT | |||
|
|||
ECDSA is available from **Swift 4.1** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Move this below the ECDSA list, and I'd word it as:
Note: ECDSA algorithms require a minimum Swift version of 4.1.
README.md
Outdated
@@ -176,6 +178,11 @@ The supported algorithms for signing and verifying JWTs are: | |||
* HS512 - HMAC using using SHA-512 | |||
* none - Don't sign or verify the JWT | |||
|
|||
ECDSA is available from **Swift 4.1** | |||
* ES256 - ECDSA using using SHA-256 and a P-256 Curve | |||
* ES384- ECDSA using using SHA-384 and a P-384 Curve |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing space after ES384, and Curve should probably not be capitalized.
Sources/SwiftJWT/BlueECDSA.swift
Outdated
@@ -0,0 +1,108 @@ | |||
/** | |||
* Copyright IBM Corporation 2018 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2019
Sources/SwiftJWT/BlueECDSA.swift
Outdated
private let key: Data | ||
private let curve: String | ||
|
||
init(key: Data, curve: String) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since there are only a small number of valid values for curve, could this be an internal enum instead?
Sources/SwiftJWT/BlueECDSA.swift
Outdated
} | ||
if #available(OSX 10.13, *) { | ||
let privateKey = try ECPrivateKey(key: keyString) | ||
guard privateKey.curveId == curve else { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Damn, ECPrivateKey.curveId should have been an enum (or struct equivalent) - is it too late to change it?
Tests/SwiftJWTTests/TestJWT.swift
Outdated
@@ -196,6 +204,26 @@ class TestJWT: XCTestCase { | |||
else { | |||
XCTFail("Failed to sign") | |||
} | |||
|
|||
// ECDSA key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could this be a separate test? Maybe split this function into four
Tests/SwiftJWTTests/TestJWT.swift
Outdated
@@ -556,6 +624,30 @@ class TestJWT: XCTestCase { | |||
} | |||
} | |||
|
|||
// From jwt.io |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe flesh this comment out ie. test that we can interop with a JWT issued by jwt.io
Sources/SwiftJWT/JWTSigner.swift
Outdated
@@ -49,35 +66,62 @@ public struct JWTSigner { | |||
} | |||
|
|||
/// Initialize a JWTSigner using the RSA 256 bits algorithm and the provided privateKey. | |||
/// - Parameter privateKey: The UTF8 encoded PEM private key. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You added the words "including the BEGIN PUBLIC KEY header" in the case of JWTVerifier - whilst I understand this is to disambiguate between key and certificate, I think it would be nice to include the statement about the header here too (and ditto for the EC keys for sign/verify)
This pull request used the new BlueECC repo to add support for signing and verifying using ECDSA.