Merge pull request #70 from outfoxx/fix/pkcs8

Use standard encrypted PKCS#8 for `SecKeyPair` importing and export
outfoxx · Jun 9, 2023 · 54f50fe · 54f50fe
2 parents fc754f9 + 38bb362
commit 54f50fe
Show file tree

Hide file tree

Showing 18 changed files with 877 additions and 66 deletions.
diff --git a/Package.resolved b/Package.resolved
@@ -24,8 +24,8 @@
         "repositoryURL": "https://github.com/outfoxx/PotentCodables.git",
         "state": {
           "branch": null,
-          "revision": "e7241008d1d52e106f84674161652e12cf8dfc32",
-          "version": "3.0.1"
+          "revision": "9c5adf2563d12ce0a3cd1c19efa19f7f8d8ca078",
+          "version": "3.0.3"
         }
       },
       {
@@ -37,6 +37,15 @@
           "version": "2.1.1"
         }
       },
+      {
+        "package": "swift-algorithms",
+        "repositoryURL": "https://github.com/apple/swift-algorithms",
+        "state": {
+          "branch": null,
+          "revision": "b14b7f4c528c942f121c8b860b9410b2bf57825e",
+          "version": "1.0.0"
+        }
+      },
       {
         "package": "swift-collections",
         "repositoryURL": "https://github.com/apple/swift-collections.git",

diff --git a/Package.swift b/Package.swift
@@ -16,8 +16,9 @@ let package = Package(
       targets: ["Shield", "ShieldSecurity", "ShieldCrypto", "ShieldOID", "ShieldPKCS", "ShieldX509", "ShieldX500"]),
   ],
   dependencies: [
-    .package(url: "https://github.com/outfoxx/PotentCodables.git", from: "3.0.0"),
+    .package(url: "https://github.com/outfoxx/PotentCodables.git", from: "3.0.3"),
     .package(url: "https://github.com/sharplet/Regex.git", from: "2.1.0"),
+    .package(name: "Algorithms", url: "https://github.com/apple/swift-algorithms", from: "1.0.0"),
   ],
   targets: [
     .target(
@@ -37,11 +38,11 @@ let package = Package(
     ),
     .target(
       name: "ShieldPKCS",
-      dependencies: ["ShieldX500", "PotentCodables"]
+      dependencies: ["ShieldX509", "PotentCodables"]
     ),
     .target(
       name: "ShieldX509",
-      dependencies: ["ShieldCrypto", "ShieldX500", "ShieldOID", "ShieldPKCS", "PotentCodables"]
+      dependencies: ["ShieldCrypto", "ShieldX500", "ShieldOID", "PotentCodables", "Algorithms"]
     ),
     .target(
       name: "ShieldCrypto"

diff --git a/Sources/ShieldCrypto/PBKDF.swift b/Sources/ShieldCrypto/PBKDF.swift
@@ -45,13 +45,23 @@ public enum PBKDF {
       self.name = name
     }
 
+    @available(*, deprecated, message: "Use hmacSha1")
     public static let sha1 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA1), name: "SHA1")
+    public static let hmacSha1 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA1), name: "SHA1")
+    @available(*, deprecated, message: "Use hmacSha224")
     public static let sha224 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA224), name: "SHA224")
+    public static let hmacSha224 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA224), name: "SHA224")
+    @available(*, deprecated, message: "Use hmacSha256")
     public static let sha256 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA256), name: "SHA256")
+    public static let hmacSha256 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA256), name: "SHA256")
+    @available(*, deprecated, message: "Use hmacSha384")
     public static let sha384 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA384), name: "SHA384")
+    public static let hmacSha384 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA384), name: "SHA384")
+    @available(*, deprecated, message: "Use hmacSha512")
     public static let sha512 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA512), name: "SHA512")
+    public static let hmacSha512 = PsuedoRandomAlgorithm(rawValue: UInt32(kCCPRFHmacAlgSHA512), name: "SHA512")
 
-    public static let allCases: [PsuedoRandomAlgorithm] = [.sha1, .sha224, .sha256, .sha384, .sha512]
+    public static let allCases: [PsuedoRandomAlgorithm] = [.hmacSha1, .hmacSha224, .hmacSha256, .hmacSha384, .hmacSha512]
 
     public var description: String {
       return name
@@ -97,7 +107,7 @@ public enum PBKDF {
     saltLength: Int,
     keyLength: Int,
     using algorithm: Algorithm = .pbkdf2,
-    psuedoRandomAlgorithm: PsuedoRandomAlgorithm = .sha512,
+    psuedoRandomAlgorithm: PsuedoRandomAlgorithm = .hmacSha512,
     taking: TimeInterval
   ) throws -> Int {
     let rounds = CCCalibratePBKDF(

diff --git a/Sources/ShieldOID/ISO-ITU.swift b/Sources/ShieldOID/ISO-ITU.swift
@@ -11,7 +11,7 @@
 import Foundation
 
 // swiftformat:disable consecutiveSpaces
-// swiftlint:disable type_name identifier_name
+// swiftlint:disable type_name identifier_name nesting
 
 /// Areas of joint work between ISO/IEC (International Organization for Standardization/International Electrotechnical Commission)
 /// and ITU-T (International Telecommunication Union - Telecommunication standardization sector), and other international work
@@ -26,7 +26,7 @@ public struct iso_itu: OIDBranch {
   public struct ds: OIDBranch {
     public static let id: UInt64 = 5
     public static let names = ["ds"]
-    internal static let children: [OIDNode.Type] = [attributeType.self, certificateExtension.self]
+    internal static let children: [OIDNode.Type] = [attributeType.self, certificateExtension.self, algorithm.self]
 
     public enum attributeType: OID, CaseIterable, OIDLeaf {
       public static let id: UInt64 = 4
@@ -193,5 +193,153 @@ public struct iso_itu: OIDBranch {
       case noRevAvail =                             "2.5.29.56"
       case acceptablePrivilegePolicies =            "2.5.29.57"
     }
+
+    public struct algorithm: OIDBranch {
+      public static let id: UInt64 = 44
+      public static let names = ["algorithm"]
+      internal static let children: [OIDNode.Type] = [aes.self]
+
+      public enum aes: OID, CaseIterable, OIDLeaf {
+        public static let id: UInt64 = 2
+        public static let names = ["aes"]
+        internal static let children: [OIDNode.Type] = []
+
+        case aes_cbc_128 =      "2.5.44.2.1"
+        case aes_cbc_192 =      "2.5.44.2.2"
+        case aes_cbc_256 =      "2.5.44.2.3"
+
+        case aes_ofb_128 =      "2.5.44.2.5"
+        case aes_ofb_192 =      "2.5.44.2.6"
+        case aes_ofb_256 =      "2.5.44.2.7"
+
+        case aes_cfb_128 =      "2.5.44.2.9"
+        case aes_cfb_192 =      "2.5.44.2.10"
+        case aes_cfb_256 =      "2.5.44.2.11"
+
+        case aes_gcm_128 =      "2.5.44.2.17"
+        case aes_gcm_192 =      "2.5.44.2.18"
+        case aes_gcm_256 =      "2.5.44.2.19"
+
+        case aes_gcm_siv_128 =  "2.5.44.2.21"
+        case aes_gcm_siv_192 =  "2.5.44.2.22"
+        case aes_gcm_siv_256 =  "2.5.44.2.23"
+
+        case aes_ccm_128 =      "2.5.44.2.25"
+        case aes_ccm_192 =      "2.5.44.2.26"
+        case aes_ccm_256 =      "2.5.44.2.27"
+
+        case aes_gmac_128 =     "2.5.44.2.29"
+        case aes_gmac_192 =     "2.5.44.2.30"
+        case aes_gmac_256 =     "2.5.44.2.31"
+      }
+    }
+  }
+
+  public struct country: OIDBranch {
+    public static let id: UInt64 = 16
+    public static let names = ["country"]
+    internal static let children: [OIDNode.Type] = [us.self]
+
+    public struct us: OIDBranch {
+      public static let id: UInt64 = 840
+      public static let names = ["us"]
+      internal static let children: [OIDNode.Type] = [organization.self]
+
+      public struct organization: OIDBranch {
+        public static let id: UInt64 = 1
+        public static let names = ["organization"]
+        internal static let children: [OIDNode.Type] = [gov.self]
+
+        public struct gov: OIDBranch {
+          public static let id: UInt64 = 101
+          public static let names = ["gov"]
+          internal static let children: [OIDNode.Type] = [csor.self]
+
+          public struct csor: OIDBranch {
+            public static let id: UInt64 = 3
+            public static let names = ["country"]
+            internal static let children: [OIDNode.Type] = [nistAlgorithms.self]
+
+            public struct nistAlgorithms: OIDBranch {
+              public static let id: UInt64 = 4
+              public static let names = ["nistAlgorithms"]
+              internal static let children: [OIDNode.Type] = [aes.self, hashAlgs.self]
+
+              public enum aes: OID, CaseIterable, OIDLeaf {
+                public static let id: UInt64 = 1
+                public static let names = ["aes"]
+                internal static let children: [OIDNode.Type] = []
+
+                case aes128_ECB =         "2.16.840.1.101.3.4.1.1"
+                case aes128_CBC_PAD =     "2.16.840.1.101.3.4.1.2"
+                case aes128_OFB =         "2.16.840.1.101.3.4.1.3"
+                case aes128_CFB =         "2.16.840.1.101.3.4.1.4"
+                case aes128_wrap =        "2.16.840.1.101.3.4.1.5"
+                case aes128_GCM =         "2.16.840.1.101.3.4.1.6"
+                case aes128_CCM =         "2.16.840.1.101.3.4.1.7"
+                case aes128_wrap_pad =    "2.16.840.1.101.3.4.1.8"
+                case aes128_GMAC =        "2.16.840.1.101.3.4.1.9"
+
+                case aes192_ECB =         "2.16.840.1.101.3.4.1.21"
+                case aes192_CBC_PAD =     "2.16.840.1.101.3.4.1.22"
+                case aes192_OFB =         "2.16.840.1.101.3.4.1.23"
+                case aes192_CFB =         "2.16.840.1.101.3.4.1.24"
+                case aes192_wrap =        "2.16.840.1.101.3.4.1.25"
+                case aes192_GCM =         "2.16.840.1.101.3.4.1.26"
+                case aes192_CCM =         "2.16.840.1.101.3.4.1.27"
+                case aes192_wrap_pad =    "2.16.840.1.101.3.4.1.28"
+                case aes192_GMAC =        "2.16.840.1.101.3.4.1.29"
+
+                case aes256_ECB =         "2.16.840.1.101.3.4.1.41"
+                case aes256_CBC_PAD =     "2.16.840.1.101.3.4.1.42"
+                case aes256_OFB =         "2.16.840.1.101.3.4.1.43"
+                case aes256_CFB =         "2.16.840.1.101.3.4.1.44"
+                case aes256_wrap =        "2.16.840.1.101.3.4.1.45"
+                case aes256_GCM =         "2.16.840.1.101.3.4.1.46"
+                case aes256_CCM =         "2.16.840.1.101.3.4.1.47"
+                case aes256_wrap_pad =    "2.16.840.1.101.3.4.1.48"
+                case aes256_GMAC =        "2.16.840.1.101.3.4.1.49"
+              }
+
+              public enum hashAlgs: OID, CaseIterable, OIDLeaf {
+                public static let id: UInt64 = 2
+                public static let names = ["hashAlgs", "hashalgs"]
+                internal static let children: [OIDNode.Type] = []
+
+                case sha256 =             "2.16.840.1.101.3.4.2.1"
+                case sha384 =             "2.16.840.1.101.3.4.2.2"
+                case sha512 =             "2.16.840.1.101.3.4.2.3"
+                case sha224 =             "2.16.840.1.101.3.4.2.4"
+                case sha512_224 =         "2.16.840.1.101.3.4.2.5"
+                case sha512_256 =         "2.16.840.1.101.3.4.2.6"
+
+                case sha3_224 =           "2.16.840.1.101.3.4.2.7"
+                case sha3_256 =           "2.16.840.1.101.3.4.2.8"
+                case sha3_384 =           "2.16.840.1.101.3.4.2.9"
+                case sha3_512 =           "2.16.840.1.101.3.4.2.10"
+
+                case shake128 =           "2.16.840.1.101.3.4.2.11"
+                case shake256 =           "2.16.840.1.101.3.4.2.12"
+
+                case hmacWithSHA3_224 =   "2.16.840.1.101.3.4.2.13"
+                case hmacWithSHA3_256 =   "2.16.840.1.101.3.4.2.14"
+                case hmacWithSHA3_384 =   "2.16.840.1.101.3.4.2.15"
+                case hmacWithSHA3_512 =   "2.16.840.1.101.3.4.2.16"
+
+                case shake128_len =       "2.16.840.1.101.3.4.2.17"
+                case shake256_len =       "2.16.840.1.101.3.4.2.18"
+
+
+                case kmac128 =            "2.16.840.1.101.3.4.2.19"
+                case kmac256 =            "2.16.840.1.101.3.4.2.20"
+
+                case KMACXOF128 =         "2.16.840.1.101.3.4.2.21"
+                case KACXOF256 =          "2.16.840.1.101.3.4.2.22"
+              }
+            }
+          }
+        }
+      }
+    }
   }
 }
diff --git a/Sources/ShieldOID/ISO.swift b/Sources/ShieldOID/ISO.swift
@@ -12,7 +12,7 @@ import Foundation
 import PotentASN1
 
 // swiftformat:disable consecutiveSpaces
-// swiftlint:disable type_name nesting
+// swiftlint:disable type_name identifier_name nesting
 
 /// International Organization for Standardization (ISO)
 ///
@@ -58,6 +58,14 @@ public struct iso: OIDBranch {
             case sha224WithRSAEncryption =          "1.2.840.113549.1.1.14"
           }
 
+          public enum pkcs5: OID, CaseIterable, OIDLeaf {
+            public static let id: UInt64 = 5
+            public static let names = ["pkcs-5"]
+
+            case pbkdf2 =                           "1.2.840.113549.1.5.12"
+            case pbes2 =                            "1.2.840.113549.1.5.13"
+          }
+
           public enum pkcs9: OID, CaseIterable, OIDLeaf {
             public static let id: UInt64 = 9
             public static let names = ["pkcs-9"]
@@ -74,6 +82,36 @@ public struct iso: OIDBranch {
             case extensionRequest =                 "1.2.840.113549.1.9.14"
           }
         }
+
+        public enum digestAlgorithm: OID, CaseIterable, OIDLeaf {
+          public static let id: UInt64 = 2
+          public static let names = ["digestAlgorithm"]
+
+          case hmacWithSHA1 =                     "1.2.840.113549.2.7"
+          case hmacWithSHA224 =                   "1.2.840.113549.2.8"
+          case hmacWithSHA256 =                   "1.2.840.113549.2.9"
+          case hmacWithSHA384 =                   "1.2.840.113549.2.10"
+          case hmacWithSHA512 =                   "1.2.840.113549.2.11"
+          case hhmacWithSHA512_224 =              "1.2.840.113549.2.12"
+          case hhmacWithSHA512_256 =              "1.2.840.113549.2.13"
+        }
+
+        public enum encryptionAlgorithm: OID, CaseIterable, OIDLeaf {
+          public static let id: UInt64 = 3
+          public static let names = ["encryptionAlgorithm", "encryptionalgorithm"]
+
+          case rc2CBC =                           "1.2.840.113549.3.2"
+          case rc2ECB =                           "1.2.840.113549.3.3"
+          case rc4 =                              "1.2.840.113549.3.4"
+          case rc4WithMAC =                       "1.2.840.113549.3.5"
+          case desxCBC =                          "1.2.840.113549.3.6"
+          case desEDE3CBC =                       "1.2.840.113549.3.7"
+          case rc5CBC =                           "1.2.840.113549.3.8"
+          case rc5CBCPad =                        "1.2.840.113549.3.9"
+          case desCDMF =                          "1.2.840.113549.3.10"
+          case desEDE3 =                          "1.2.840.113549.3.17"
+        }
+
       }
 
       public struct ansix962: OIDBranch {

diff --git a/Sources/ShieldPKCS/Moved.swift b/Sources/ShieldPKCS/Moved.swift
@@ -0,0 +1,26 @@
+//
+//  Moved.swift
+//  Shield
+//
+//  Copyright © 2019 Outfox, inc.
+//
+//
+//  Distributed under the MIT License, See LICENSE for details.
+//
+
+import ShieldX509
+import PotentASN1
+
+// The following types have been moved to ShieldX509 due to issues with circular references
+
+public typealias RSAPrivateKey = ShieldX509.RSAPrivateKey
+public typealias RSAPublicKey = ShieldX509.RSAPublicKey
+public typealias ECParameters = ShieldX509.ECParameters
+
+public extension Schemas {
+  static let RSAPrivateKey = ShieldX509.Schemas.RSAPrivateKey
+  static let RSAPrivateKeyOtherPrimeInfos = ShieldX509.Schemas.RSAPrivateKeyOtherPrimeInfos
+  static let RSAPrivateKeyOtherPrimeInfo = ShieldX509.Schemas.RSAPrivateKeyOtherPrimeInfo
+  static let RSAPublicKey = ShieldX509.Schemas.RSAPublicKey
+  static let ECParameters = ShieldX509.Schemas.ECParameters
+}