-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JWE] Added support for A256GCM
and A128GCM
#278
Conversation
Thanks for this PR, any thoughts on completing it and releasing new lib version? |
From my perspective, it's completed. I'm just waiting for a review. |
I hope someone will take a look, seems like most of the PR's are not reviewed at all :(. It would be awesome to have this functionality as we are currently integrating Play Services Integrity check (Google version of device check from apple) and need this to decrypt token as it uses A256GCM |
Hello 👋🏽 |
Any update on this. Please include AES128GCM and AES256GCM content encryption algorithm. It would be very helpful |
Hi, any update on this? It will be very useful to have this PR merged. |
Looks like it fails lint tests - @tobihagemann |
Fixed linter warning and brought branch up-to-date. But I'm not sure if these factors were actually blockers for a review. 😅 |
Is there anything we can do to help get this PR merged in? |
…nd inline them into the appropriate encrypter
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice! Couple of comments, let me know what you think!
switch contentEncryptionAlgorithm { | ||
case .A256CBCHS512: | ||
self.hmacKey = contentEncryptionKey.subdata(in: 0..<32) | ||
self.contentEncryptionKey = contentEncryptionKey.subdata(in: 32..<64) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Naming wise I think it's potentially a bit dangerous (or at the very least confusing) to have the same name contentEncryptionKey
for two different things.
What comes in via the initializer parameter is the two combined keys (message authentication and encryption key) while what is set here as a property of the AESCBCEncryption
struct is only the message encryption key (a subset of the other one).
Just to be safe I would say we should distinguish that more clearly by using different naming for the two different keys. Note, for example, that the previous contentEncryptionKey
struct property represented the two combined keys while now it only represents the subset that is used for message encryption (but not message authentication). Everything is correctly implemented (because we made the necessary changes in the encryption function below), but let's just be more explicit about it.
In the JWA specification of AES CBC encryption algorithms, they use the following naming:
- secret key for the combination of the two keys (authentication and encryption)
- for us we could call that
secretKey
- for us we could call that
- MAC_KEY/ENC_KEY for the keys derived from the secret key.
- for us, we could call them
authenticationKey
andencryptionKey
.
- for us, we could call them
What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very valid and valuable feedback. I like the naming secret key for the combined one and will use macKey and encryptionKey for the split ones. Will make the adaptions.
hmacAlgorithm = .SHA256 | ||
case .A256GCM, .A128GCM: | ||
throw JWEError.contentEncryptionAlgorithmMismatch | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Totally a taste thing, not a change request:
Should we move these two switches to separate functions just like the getAuthenticationTag
below? For me personally I feel like it's easier to keep an overview that way. But Both options work for me. Again, it's a taste thing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
externalised both of them to functions. I like it better as well.
} | ||
|
||
func encrypt(_ plaintext: Data, initializationVector: Data, additionalAuthenticatedData: Data) throws -> ContentEncryptionContext { | ||
return try AESGCM.encrypt(plaintext: plaintext, encryptionKey: contentEncryptionKey, initializationVector: initializationVector, additionalAuthenticatedData: additionalAuthenticatedData) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we split these calls to multiple lines for easier readability?
return try AESGCM.encrypt(plaintext: plaintext, encryptionKey: contentEncryptionKey, initializationVector: initializationVector, additionalAuthenticatedData: additionalAuthenticatedData) | |
return try AESGCM.encrypt( | |
plaintext: plaintext, | |
encryptionKey: contentEncryptionKey, | |
initializationVector: initializationVector, | |
additionalAuthenticatedData: additionalAuthenticatedData | |
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done for both calls in the class
return ContentEncryptionContext( | ||
ciphertext: encrypted.ciphertext, | ||
authenticationTag: encrypted.tag, | ||
initializationVector: encrypted.nonce.withUnsafeBytes({ Data(Array($0)) }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is
encrypted.nonce.withUnsafeBytes({ Data(Array($0)) })
the same as
initializationVector
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it is. This way all the context was built out of encrypted output.
Changed it to initializationVector
for readability now. Also involves fewer conversions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This way all the context was built out of encrypted output.
That somehow sounds better to me I must admit. Just to double check, does it have any relevance at all if we use the incoming iv or the one from the encryption output?
Refactor switch cases out of initializer
static func retrieveKeys(for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | ||
from inputKey: Data) throws -> (hmacKey: Data, encryptionKey: Data) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
static func retrieveKeys(for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | |
from inputKey: Data) throws -> (hmacKey: Data, encryptionKey: Data) { | |
static func retrieveKeys( | |
for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | |
from inputKey: Data | |
) throws -> (hmacKey: Data, encryptionKey: Data) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC this is the formatting we were using in other parts of the codebase
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😅 I wonder if I can install a formatter to match styles automatically.
Is there something you would recommend?
We could go with https://github.com/apple/swift-format
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah we should definitely automate this. IIRC we did some research in the past but I'm sure things changed in the meantime. Defaulting to Apple's formatter surely isn't a bad idea. Probably what Xcode uses under the hood too (I guess) so that might make it easier as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎉
static func retrieveKeys(for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | ||
from inputKey: Data) throws -> (hmacKey: Data, encryptionKey: Data) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC this is the formatting we were using in other parts of the codebase
After considering the comments in #251, I've added support for content encryption using AES GCM according to JWE standard. As I've mentioned there, I increased the minimum iOS target to 13.0 because of CryptoKit.