kitura / blueecc Goto Github PK

Elliptic-curve cryptography for Swift

License: Apache License 2.0

Swift 99.37% Ruby 0.63%

blueecc's Introduction

A Swift Web Framework and HTTP Server

Summary

Kitura is a web framework and web server that is created for web services written in Swift. For more information, visit www.kitura.dev.

Summary
Features
Getting Started
Contributing to Kitura
Community

Features

URL routing (e.g., GET, POST, PUT, DELETE, PATCH)
Codable routing
URL parameters
Static file serving
FastCGI support
SSL/TLS support
Pluggable middleware

Getting Started

Visit https://www.kitura.dev for a Getting Started guide, tutorials, and API reference documentation.

Contributing to Kitura

All improvements to Kitura are very welcome! Here's how to get started with developing Kitura itself.

Clone this repository.

$ git clone https://github.com/Kitura/Kitura

Build and run tests.

$ swift test

You can find more info on contributing to Kitura in our contributing guidelines.

Notes

Swift-NIO is now the default network engine via the Kitura-NIO package. If for some reason you require the old Kitura-net package, you can still enable it by setting an environment variable KITURA_NIO=0 during build.
Most Kitura packages have been updated to require at least Swift 5.2 in order to maintain backward compatibility.

Community

We love to talk server-side Swift, and Kitura. Join our Slack to meet the team!

blueecc's People

Stargazers

Watchers

blueecc's Issues

Conversion from Data to ASN1 crashes

Description:
When initializing ECSignature with wrong data, the conversion in ASN1.toASN1Element crashes for at

default: // octet string
    let (length, lengthOfLength) = readLength(data: data.advanced(by: 1))

Reproduce:

let signed = try ECSignature(asn1: Data(base64Encoded: "abcd")!)

Expected:
ECSignature throws an error.

Actual:
Program crashes with the following message:
Thread 1: EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)

Add support for generating keys within the repo

Currently we require users to use OpenSSL command line to generate EC keys.
It would be nice if they could use this repo to create the key pairs without any further installations.
This would also allow you dynamically generate key pairs so you could create a short lived keys.

Not compiling, OpenSSL linking issue

Building for iOS Simulator, but linking in dylib built for macOS, file '/usr/local/Cellar/[email protected]/1.1.1k/lib/libcrypto.dylib' for architecture x86_64

Carthage

Could you please provide support of Carthage dependency manager?

Integration with NodeJS server

I create NodeJS repo for use with clients based on BlueECC, https://github.com/legion-zver/blue-ecc-js.
Maybe someone's interested or helpful ;-)

[Request] Support for curve 25519

Will there be support for curve 25519?

Use SecKeyCreateRandomKey

Similar to Kitura/BlueRSA#77

Need to stop using SecKeyGeneratePair, and switch to SecKeyCreateRandomKey.

I'll work on getting a PR put together, but, similar to BlueRSA, would like an updated release to go to Cocoapods, so it can be consumed that way.

-Thanks!

Customize Algorithm secp256k1

Hello there,

Any chance to use create a JWTSigner with secp256k1 algorithm?

Regards.

xCode 11.4 / Swift 5.2 crashes on parsing PublicKey in simulators and <= iOS 12

The following code crashes on Simulators and my iOS12.4 iPhone 6when built with xCode 11.4, but works ok on xCode 11.3.

Does not seem to crash on iOS 13.4.

let p256PrivateKey = try! ECPrivateKey.make(for: .prime256v1) print(p256PrivateKey.pemString) publicKey = try! p256PrivateKey.extractPublicKey() print(publicKey.pemString)

Error is happening at this line:
guard let secKey = SecKeyCreateWithData(keyData as CFData, [kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeyClass: kSecAttrKeyClassPublic] as CFDictionary, &error)

Error:
objc[1049]: Class _TtGCs18_DictionaryStorageaSo11CFStringRefS0__$ is implemented in both /usr/lib/swift/libswiftCore.dylib (0x1c1d492d8) and /usr/lib/swift/libswiftCore.dylib (0x1c1d495e8). One of the two will be used. Which one is undefined. Fatal error: invalid unsafeDowncast

Add patten matching for error.

We use the same pattern as Swift-JWT for errors. This pr adds pattern matching for the errors so they are easier to handle and it would be nice to implement them in this repo as well.

secp521r1 signatures based on r|s are sometimes invalid

We saw some issues when using Swift-JWT with the ES512 signer, which uses the BlueECC crypto underneath. The issue was, that the generated signature is sometimes invalid, producing r and s values with 65 Bytes instead of 66 Bytes in ~0,1% of the cases.

By adding the following test, you see that the verification fails sometimes:

func test_SignatureGeneration() throws {
    let secp521r1Key = try ECPrivateKey.make(for: .secp521r1)
    let secp521r1PubKey = try secp521r1Key.extractPublicKey()
    do {
        for i in 1 ..< 10000 {
            let signature521 = try "Hello world".sign(with: secp521r1Key)
            XCTAssertEqual(signature521.r.count, 66) // those two assertions
            XCTAssertEqual(signature521.s.count, 66) // will sometimes fail
            let copiedSignature = try ECSignature(r: signature521.r, s: signature521.s)
            let verified521 = copiedSignature.verify(plaintext: "Hello world", using: secp521r1PubKey)
            XCTAssertTrue(verified521)
            print("\(i) done")
        }
    } catch {
        return XCTFail("test_SignatureGeneration failed: \(error)")
    }
}

During debugging, I found that in the asn1ToRSSig method, the returned trimmed r and s values sometimes have 65 Bytes instead of 66. However, I was unsuccessful just padding them with null bytes.

The error must be somewhere in the transformation from the original asn1 to the rs format, because when using asn1 in the test above directly:

let copiedSignature = try ECSignature(asn1: signature521.asn1)

the error does not occur.

Note: I was unable to reproduce this on a different curve (e.g. es384). I guess this is due to the nature of the 521 bit curve.

Swift-JWT fails to compile

When using Colab

%install '.package(url: "https://github.com/IBM-Swift/Swift-JWT.git", from: "3.0.0")' SwiftJWT

It appears to be using Swift version 5.3-dev rather than 5.2. I know 5.3 is being announced this week.

Details below. This was working late 2019.

[4/24] Merging module Logging
SIL verification failed: return with stack allocs that haven't been deallocated: state.Stack.empty()
Verifying instruction:
%18 = struct $EllipticCurve (%0 : $EllipticCurve.InternalRepresentation, %1 : $Optional, %2 : $Int32, %6 : $@callee_guaranteed (Optional<UnsafePointer>, Int, Optional<UnsafeMutablePointer>) -> Optional<UnsafeMutablePointer>, %17 : $Int, %3 : $Int) // user: %19
-> return %18 : $EllipticCurve // id: %19
In function:
// EllipticCurve.init(internalRepresentation:signingAlgorithm:nativeCurve:keySize:)
sil private [ossa] @$s10CryptorECC13EllipticCurveV22internalRepresentation16signingAlgorithm06nativeD07keySizeA2C08InternalF033_9ED7A968DCE1F3D03FCEF1D6E4BAB780LLO_s13OpaquePointerVSgs5Int32VSitcAILlfC : $@convention(method) (EllipticCurve.InternalRepresentation, Optional, Int32, Int, @thin EllipticCurve.Type) -> @owned EllipticCurve {
// %0 // user: %18
// %1 // user: %18
// %2 // user: %18
// %3 // user: %18
bb0(%0 : $EllipticCurve.InternalRepresentation, %1 : $Optional, %2 : $Int32, %3 : $Int, %4 : $@thin EllipticCurve.Type):
// function_ref @nonobjc SHA256(:::)
%5 = function_ref @$sSo6SHA256ySpys5UInt8VGSgSPyACGSg_SiAEtFTO : $@convention(thin) (Optional<UnsafePointer>, Int, Optional<UnsafeMutablePointer>) -> Optional<UnsafeMutablePointer> // user: %6
%6 = thin_to_thick_function %5 : $@convention(thin) (Optional<UnsafePointer>, Int, Optional<UnsafeMutablePointer>) -> Optional<UnsafeMutablePointer> to $@callee_guaranteed (Optional<UnsafePointer>, Int, Optional<UnsafeMutablePointer>) -> Optional<UnsafeMutablePointer> // user: %18
%7 = alloc_stack $Int // users: %17, %15
%8 = metatype $@thin Int.Type
%9 = metatype $@thick Int.Type // user: %15
// function_ref SHA256_DIGEST_LENGTH.getter
%10 = function_ref @$sSC20SHA256_DIGEST_LENGTHs5Int32Vvg : $@convention(thin) () -> Int32 // user: %11
%11 = apply %10() : $@convention(thin) () -> Int32 // user: %13
%12 = alloc_stack $Int32 // users: %16, %15, %13
store %11 to [trivial] %12 : $*Int32 // id: %13
// function_ref SignedInteger<>.init(:)
%14 = function_ref @$sSZss17FixedWidthIntegerRzrlEyxqd__cSzRd__lufC : $@convention(method) <τ_0_0 where τ_0_0 : FixedWidthInteger, τ_0_0 : SignedInteger><τ_1_0 where τ_1_0 : BinaryInteger> (@in τ_1_0, @thick τ_0_0.Type) -> @out τ_0_0 // user: %15
%15 = apply %14<Int, Int32>(%7, %12, %9) : $@convention(method) <τ_0_0 where τ_0_0 : FixedWidthInteger, τ_0_0 : SignedInteger><τ_1_0 where τ_1_0 : BinaryInteger> (@in τ_1_0, @thick τ_0_0.Type) -> @out τ_0_0
dealloc_stack %12 : $*Int32 // id: %16
%17 = load [trivial] %7 : $*Int // user: %18
%18 = struct $EllipticCurve (%0 : $EllipticCurve.InternalRepresentation, %1 : $Optional, %2 : $Int32, %6 : $@callee_guaranteed (Optional<UnsafePointer>, Int, Optional<UnsafeMutablePointer>) -> Optional<UnsafeMutablePointer>, %17 : $Int, %3 : $Int) // user: %19
return %18 : $EllipticCurve // id: %19
} // end sil function '$s10CryptorECC13EllipticCurveV22internalRepresentation16signingAlgorithm06nativeD07keySizeA2C08InternalF033_9ED7A968DCE1F3D03FCEF1D6E4BAB780LLO_s13OpaquePointerVSgs5Int32VSitcAILlfC'

Stack dump:
0. Program arguments: /swift/toolchain/usr/bin/swift -frontend -c /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ASN1.swift /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/Data+Extensions.swift /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ECDecryptable.swift /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ECEncryptable.swift /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ECError.swift /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ECPrivateKey.swift -primary-file /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ECPublicKey.swift -primary-file /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ECSignable.swift -primary-file /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/ECSignature.swift -primary-file /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/EllipticCurve.swift -primary-file /content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/SSLPointerTricks.swift -supplementary-output-file-map /tmp/supplementaryOutputs-0d11d3 -target x86_64-unknown-linux-gnu -disable-objc-interop -I /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug -enable-testing -g -module-cache-path /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug/ModuleCache -swift-version 5 -Onone -D SWIFT_PACKAGE -D DEBUG -enable-anonymous-context-mangled-names -Xcc -fmodule-map-file=/content/swift-install/package/.build/checkouts/OpenSSL/Sources/OpenSSL/module.modulemap -parse-as-library -module-name CryptorECC -o /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug/CryptorECC.build/ECPublicKey.swift.o -o /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug/CryptorECC.build/ECSignable.swift.o -o /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug/CryptorECC.build/ECSignature.swift.o -o /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug/CryptorECC.build/EllipticCurve.swift.o -o /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug/CryptorECC.build/SSLPointerTricks.swift.o -index-store-path /content/swift-install/package/.build/x86_64-unknown-linux-gnu/debug/index/store -index-system-modules

Swift version 5.3-dev (LLVM 5a342fdfac, Swift ec4315266b)
While evaluating request SILGenSourceFileRequest(SIL Generation for file "/content/swift-install/package/.build/checkouts/BlueECC/Sources/CryptorECC/EllipticCurve.swift")
While silgen emitConstructor SIL function "@$s10CryptorECC13EllipticCurveV22internalRepresentation16signingAlgorithm06nativeD07keySizeA2C08InternalF033_9ED7A968DCE1F3D03FCEF1D6E4BAB780LLO_s13OpaquePointerVSgs5Int32VSitcAILlfC".

Cocoapods

Any support for cocoapods dependency manager?