feat: Add gcm algorithm for cross platform encryption/decryption #33
Conversation
Sources/CryptorRSA/CryptorRSA.swift
Outdated
| // Apple use a 16 byte all 0 IV. This is allowed since a random key is generated for each encryption. | ||
| let iv = [UInt8](repeating: 0, count: 16) | ||
|
|
||
| // TODO: change EVP_aes_128_gcm to EVP_aes_256_gcm for rsaKey > 4096 bits to match apple. |
There was a problem hiding this comment.
I have added in the code to choose algorithm based on key size so that this supports RSA keys >= 4096 bytes. I have also added a test to cover this case.
| @@ -80,7 +80,7 @@ class CryptorRSATests: XCTestCase { | |||
|
|
|||
| let path = CryptorRSATests.getFilePath(for: "public", ofType: "der") | |||
| XCTAssertNotNil(path) | |||
There was a problem hiding this comment.
Can this white space (and the rest of the similar lines) just be deleted?
There was a problem hiding this comment.
BlueRSA uses a mix of both tabs and spaces through the project (Even switching within the same function) which caused lots of white space changes. I have removed most of those and will pick up the last few here.
I won't change the sha algorithms in the tests since they have varying amounts of tabs and then spaces within the same line and i can't bring myself to replicate this.
Sources/CryptorRSA/CryptorRSA.swift
Outdated
| @@ -222,7 +222,9 @@ public class CryptorRSA { | |||
| } | |||
|
|
|||
| #if os(Linux) | |||
|
|
|||
| if algorithm == .gcm { | |||
There was a problem hiding this comment.
This special-casing of GCM seems a bit hacky... Would it be better to switch algorithm { } and call a function depending on the result? In other words, have encryptedSHA(with: key) as well?
There was a problem hiding this comment.
The switch would be:
switch algorithm {
case .gcm:
return try encryptedGCM(with: key)
default:
return try encryptedSHA(with: key)
}Which seems a bit strange for a switch statement.
I could make the SHA a separate function and do an if else statement.
Alternatively we could just make encryptedGCM public as it's own function.
There was a problem hiding this comment.
I would list all the SHA cases explicitly rather than using default: but yes this is what I'm suggesting. This function is called encrypted() - now that it does more than just SHA I don't see why all the SHA code belongs in it?
Description
This pull request adds a new algorithm case called gcm.
This will use SHA1 for signing/verifying.
For encryption/decryption it will use:
This makes it compatible with the Apple SecKeyCreateEncryptedData/SecKeyCreateDecryptedData.
As a result you will be able to encrypt on an apple device and decrypt on linux using this algorithm.
The travis builds will fail until a new patch of openSSL 1 and 2 with
EVP_CIPHER_CTX_init_wrapperare releasedMotivation and Context
This is a fix for issue #32 to allow cross platform RSA encryption.
How Has This Been Tested?
The gcm algorithm has been added to the current tests.
Two new tests have also been added using previously encrypted data from linux and mac to test cross platform support.