[JWE] Added support for A256GCM and A128GCM
#278
Conversation
|
Thanks for this PR, any thoughts on completing it and releasing new lib version? |
|
From my perspective, it's completed. I'm just waiting for a review. |
|
I hope someone will take a look, seems like most of the PR's are not reviewed at all :(. It would be awesome to have this functionality as we are currently integrating Play Services Integrity check (Google version of device check from apple) and need this to decrypt token as it uses A256GCM |
|
Hello 👋🏽 |
Any update on this. Please include AES128GCM and AES256GCM content encryption algorithm. It would be very helpful |
|
Hi, any update on this? It will be very useful to have this PR merged. |
|
Looks like it fails lint tests - @tobihagemann |
|
Fixed linter warning and brought branch up-to-date. But I'm not sure if these factors were actually blockers for a review. 😅 |
|
Is there anything we can do to help get this PR merged in? |
…nd inline them into the appropriate encrypter
| switch contentEncryptionAlgorithm { | ||
| case .A256CBCHS512: | ||
| self.hmacKey = contentEncryptionKey.subdata(in: 0..<32) | ||
| self.contentEncryptionKey = contentEncryptionKey.subdata(in: 32..<64) |
There was a problem hiding this comment.
Naming wise I think it's potentially a bit dangerous (or at the very least confusing) to have the same name contentEncryptionKey for two different things.
What comes in via the initializer parameter is the two combined keys (message authentication and encryption key) while what is set here as a property of the AESCBCEncryption struct is only the message encryption key (a subset of the other one).
Just to be safe I would say we should distinguish that more clearly by using different naming for the two different keys. Note, for example, that the previous contentEncryptionKey struct property represented the two combined keys while now it only represents the subset that is used for message encryption (but not message authentication). Everything is correctly implemented (because we made the necessary changes in the encryption function below), but let's just be more explicit about it.
In the JWA specification of AES CBC encryption algorithms, they use the following naming:
- secret key for the combination of the two keys (authentication and encryption)
- for us we could call that
secretKey
- for us we could call that
- MAC_KEY/ENC_KEY for the keys derived from the secret key.
- for us, we could call them
authenticationKeyandencryptionKey.
- for us, we could call them
What do you think?
There was a problem hiding this comment.
Very valid and valuable feedback. I like the naming secret key for the combined one and will use macKey and encryptionKey for the split ones. Will make the adaptions.
| hmacAlgorithm = .SHA256 | ||
| case .A256GCM, .A128GCM: | ||
| throw JWEError.contentEncryptionAlgorithmMismatch | ||
| } |
There was a problem hiding this comment.
Totally a taste thing, not a change request:
Should we move these two switches to separate functions just like the getAuthenticationTag below? For me personally I feel like it's easier to keep an overview that way. But Both options work for me. Again, it's a taste thing.
There was a problem hiding this comment.
externalised both of them to functions. I like it better as well.
| } | ||
|
|
||
| func encrypt(_ plaintext: Data, initializationVector: Data, additionalAuthenticatedData: Data) throws -> ContentEncryptionContext { | ||
| return try AESGCM.encrypt(plaintext: plaintext, encryptionKey: contentEncryptionKey, initializationVector: initializationVector, additionalAuthenticatedData: additionalAuthenticatedData) |
There was a problem hiding this comment.
Should we split these calls to multiple lines for easier readability?
| return try AESGCM.encrypt(plaintext: plaintext, encryptionKey: contentEncryptionKey, initializationVector: initializationVector, additionalAuthenticatedData: additionalAuthenticatedData) | |
| return try AESGCM.encrypt( | |
| plaintext: plaintext, | |
| encryptionKey: contentEncryptionKey, | |
| initializationVector: initializationVector, | |
| additionalAuthenticatedData: additionalAuthenticatedData | |
| ) |
There was a problem hiding this comment.
done for both calls in the class
| return ContentEncryptionContext( | ||
| ciphertext: encrypted.ciphertext, | ||
| authenticationTag: encrypted.tag, | ||
| initializationVector: encrypted.nonce.withUnsafeBytes({ Data(Array($0)) }) |
There was a problem hiding this comment.
Is
encrypted.nonce.withUnsafeBytes({ Data(Array($0)) })the same as
initializationVector?
There was a problem hiding this comment.
Yes it is. This way all the context was built out of encrypted output.
Changed it to initializationVector for readability now. Also involves fewer conversions.
There was a problem hiding this comment.
This way all the context was built out of encrypted output.
That somehow sounds better to me I must admit. Just to double check, does it have any relevance at all if we use the incoming iv or the one from the encryption output?
Refactor switch cases out of initializer
| static func retrieveKeys(for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | ||
| from inputKey: Data) throws -> (hmacKey: Data, encryptionKey: Data) { |
There was a problem hiding this comment.
| static func retrieveKeys(for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | |
| from inputKey: Data) throws -> (hmacKey: Data, encryptionKey: Data) { | |
| static func retrieveKeys( | |
| for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | |
| from inputKey: Data | |
| ) throws -> (hmacKey: Data, encryptionKey: Data) { |
There was a problem hiding this comment.
IIRC this is the formatting we were using in other parts of the codebase
There was a problem hiding this comment.
😅 I wonder if I can install a formatter to match styles automatically.
Is there something you would recommend?
We could go with https://github.com/apple/swift-format
There was a problem hiding this comment.
Yeah we should definitely automate this. IIRC we did some research in the past but I'm sure things changed in the meantime. Defaulting to Apple's formatter surely isn't a bad idea. Probably what Xcode uses under the hood too (I guess) so that might make it easier as well.
| static func retrieveKeys(for contentEncryptionAlgorithm: ContentEncryptionAlgorithm, | ||
| from inputKey: Data) throws -> (hmacKey: Data, encryptionKey: Data) { |
There was a problem hiding this comment.
IIRC this is the formatting we were using in other parts of the codebase
After considering the comments in #251, I've added support for content encryption using AES GCM according to JWE standard. As I've mentioned there, I increased the minimum iOS target to 13.0 because of CryptoKit.