Switch to SwiftCrypto for all RSA stuff (#179)

* Switch to Crypto RSA raw init

* Remove a lot of useless stuff

* Use new Crypto tag

* Fix error

* Fix package

Package.swift

@@ -10,12 +10,11 @@ let package = Package(
         .watchOS(.v8),
     ],
     products: [
-        .library(name: "JWTKit", targets: ["JWTKit"]),
+        .library(name: "JWTKit", targets: ["JWTKit"])
     ],
     dependencies: [
-        .package(url: "https://github.com/apple/swift-crypto.git", from: "3.6.1"),
+        .package(url: "https://github.com/apple/swift-crypto.git", from: "3.8.0"),
         .package(url: "https://github.com/apple/swift-certificates.git", from: "1.2.0"),
-        .package(url: "https://github.com/attaswift/BigInt.git", from: "5.3.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
     ],
     targets: [
@@ -25,18 +24,16 @@ let package = Package(
                 .product(name: "Crypto", package: "swift-crypto"),
                 .product(name: "_CryptoExtras", package: "swift-crypto"),
                 .product(name: "X509", package: "swift-certificates"),
-                .product(name: "BigInt", package: "BigInt"),
                 .product(name: "Logging", package: "swift-log"),
             ]
         ),
         .testTarget(
             name: "JWTKitTests",
             dependencies: [
-                "JWTKit",
+                "JWTKit"
             ],
             resources: [
-                .copy("TestVectors"),
-                .copy("TestCertificates"),
+                .copy("TestCertificates")
             ]
         ),
     ],

Package@swift-5.10.swift

@@ -10,12 +10,11 @@ let package = Package(
         .watchOS(.v8),
     ],
     products: [
-        .library(name: "JWTKit", targets: ["JWTKit"]),
+        .library(name: "JWTKit", targets: ["JWTKit"])
     ],
     dependencies: [
-        .package(url: "https://github.com/apple/swift-crypto.git", from: "3.6.1"),
+        .package(url: "https://github.com/apple/swift-crypto.git", from: "3.8.0"),
         .package(url: "https://github.com/apple/swift-certificates.git", from: "1.2.0"),
-        .package(url: "https://github.com/attaswift/BigInt.git", from: "5.3.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
     ],
     targets: [
@@ -25,21 +24,19 @@ let package = Package(
                 .product(name: "Crypto", package: "swift-crypto"),
                 .product(name: "_CryptoExtras", package: "swift-crypto"),
                 .product(name: "X509", package: "swift-certificates"),
-                .product(name: "BigInt", package: "BigInt"),
                 .product(name: "Logging", package: "swift-log"),
             ],
             swiftSettings: [
-                .enableExperimentalFeature("StrictConcurrency"),
+                .enableExperimentalFeature("StrictConcurrency")
             ]
         ),
         .testTarget(
             name: "JWTKitTests",
             dependencies: [
-                "JWTKit",
+                "JWTKit"
             ],
             resources: [
-                .copy("TestVectors"),
-                .copy("TestCertificates"),
+                .copy("TestCertificates")
             ],
             swiftSettings: [
                 .enableExperimentalFeature("StrictConcurrency"),

Sources/JWTKit/ECDSA/ECDSA.swift

@@ -1,6 +1,5 @@
 import Crypto
 import Foundation
-import SwiftASN1
 import X509
 
 public enum ECDSA: Sendable {}
@@ -21,8 +20,8 @@ public extension ECDSA {
 
         public var parameters: ECDSAParameters? {
             // 0x04 || x || y
-            let x = backing.x963Representation[Curve.byteRanges.x].base64EncodedString()
-            let y = backing.x963Representation[Curve.byteRanges.y].base64EncodedString()
+            let x = self.backing.x963Representation[Curve.byteRanges.x].base64EncodedString()
+            let y = self.backing.x963Representation[Curve.byteRanges.y].base64EncodedString()
             return (x, y)
         }
 
@@ -32,7 +31,7 @@ public extension ECDSA {
         ///
         /// - Returns: A PEM encoded string representation of the key.
         public var pemRepresentation: String {
-            backing.pemRepresentation
+            self.backing.pemRepresentation
         }
 
         /// Creates an ``ECDSA.PublicKey`` instance from SwiftCrypto PublicKey.
@@ -53,7 +52,7 @@ public extension ECDSA {
             guard let publicKey = PublicKey(certificate.publicKey) else {
                 throw ECDSAError.generateKeyFailure
             }
-            backing = publicKey
+            self.backing = publicKey
         }
 
         /// Creates an ``ECDSA.PublicKey`` instance from a PEM encoded certificate data.
@@ -71,7 +70,7 @@ public extension ECDSA {
         /// - Throws: If there is a problem parsing the public key.
         /// - Returns: A new ``ECDSA.PublicKey`` instance with the public key from the certificate.
         public init(pem string: String) throws {
-            backing = try PublicKey(pemRepresentation: string)
+            self.backing = try PublicKey(pemRepresentation: string)
         }
 
         /// Creates an ``ECDSA.PublicKey`` instance from a PEM encoded public key data.
@@ -101,7 +100,7 @@ public extension ECDSA {
             else {
                 throw JWTError.generic(identifier: "ecCoordinates", reason: "Unable to interpret x or y as base64 encoded data")
             }
-            backing = try PublicKey(x963Representation: [0x04] + x + y)
+            self.backing = try PublicKey(x963Representation: [0x04] + x + y)
         }
 
         init(backing: PublicKey) {
@@ -122,20 +121,20 @@ public extension ECDSA {
         public private(set) var curve: ECDSACurve = Curve.curve
 
         public var parameters: ECDSAParameters? {
-            publicKey.parameters
+            self.publicKey.parameters
         }
 
         var backing: PrivateKey
 
         public var publicKey: PublicKey<Curve> {
-            .init(backing: backing.publicKey)
+            .init(backing: self.backing.publicKey)
         }
 
         /// The current private key as a PEM encoded string.
         ///
         /// - Returns: A PEM encoded string representation of the key.
         public var pemRepresentation: String {
-            backing.pemRepresentation
+            self.backing.pemRepresentation
         }
 
         /// Creates an ``ECDSA.PrivateKey`` instance from SwiftCrypto PrivateKey.
@@ -152,7 +151,7 @@ public extension ECDSA {
         /// - Throws: If there is a problem parsing the private key.
         /// - Returns: A new ``ECDSA.PrivateKey`` instance with the private key.
         public init(pem string: String) throws {
-            backing = try PrivateKey(pemRepresentation: string)
+            self.backing = try PrivateKey(pemRepresentation: string)
         }
 
         /// Creates an ``ECDSA.PrivateKey`` instance from a PEM encoded private key data.
@@ -181,14 +180,14 @@ public extension ECDSA {
                 throw JWTError.generic(identifier: "ECDSAKey Creation", reason: "Unable to interpret private key data as base64URL")
             }
 
-            backing = try PrivateKey(rawRepresentation: [UInt8](keyData))
+            self.backing = try PrivateKey(rawRepresentation: [UInt8](keyData))
         }
 
         /// Generates a new ECDSA key.
         ///
         /// - Returns: A new ``ECDSA.PrivateKey`` instance with the generated key.
         public init() {
-            backing = PrivateKey()
+            self.backing = PrivateKey()
         }
 
         public static func == (lhs: Self, rhs: Self) -> Bool {

Sources/JWTKit/ECDSA/ECDSAKeyTypes.swift

@@ -1,6 +1,5 @@
 import Crypto
 import Foundation
-import SwiftASN1
 import X509
 
 /// A typealias representing the parameters of an ECDSA (Elliptic Curve Digital Signature Algorithm) key.

Sources/JWTKit/JWK/JWK.swift

@@ -9,7 +9,7 @@ public struct JWK: Codable, Sendable {
         let backing: Backing
 
         public var rawValue: String {
-            switch backing {
+            switch self.backing {
             case let .ecdsa(ecdsaCurve):
                 ecdsaCurve.rawValue
             case let .eddsa(eddsaCurve):
@@ -54,7 +54,7 @@ public struct JWK: Codable, Sendable {
         }
 
         public func encode(to encoder: any Encoder) throws {
-            switch backing {
+            switch self.backing {
             case let .ecdsa(ecdsaCurve):
                 try ecdsaCurve.encode(to: encoder)
             case let .eddsa(eddsaCurve):
@@ -70,7 +70,7 @@ public struct JWK: Codable, Sendable {
         let backing: Backing
 
         public var rawValue: String {
-            backing.rawValue
+            self.backing.rawValue
         }
 
         /// RSA
@@ -119,7 +119,7 @@ public struct JWK: Codable, Sendable {
         let backing: Backing
 
         public var rawValue: String {
-            backing.rawValue
+            self.backing.rawValue
         }
 
         /// RSA with SHA256
@@ -207,6 +207,12 @@ public struct JWK: Codable, Sendable {
     /// `d` Private exponent.
     public var privateExponent: String?
 
+    /// `p` First prime factor.
+    public var prime1: String?
+
+    /// `q` Second prime factor.
+    public var prime2: String?
+
     // ECDSA keys
     public var x: String?
 
@@ -221,6 +227,8 @@ public struct JWK: Codable, Sendable {
         case modulus = "n"
         case exponent = "e"
         case privateExponent = "d"
+        case prime1 = "p"
+        case prime2 = "q"
         case curve = "crv"
         case x
         case y
@@ -243,7 +251,9 @@ public struct JWK: Codable, Sendable {
             keyIdentifier: identifier,
             modulus: modulus,
             exponent: exponent,
-            privateExponent: privateExponent
+            privateExponent: privateExponent,
+            prime1: nil,
+            prime2: nil
         )
     }
 
@@ -291,6 +301,8 @@ public struct JWK: Codable, Sendable {
         modulus: String? = nil,
         exponent: String? = nil,
         privateExponent: String? = nil,
+        prime1: String? = nil,
+        prime2: String? = nil,
         x: String? = nil,
         y: String? = nil,
         curve: Curve? = nil
@@ -301,6 +313,8 @@ public struct JWK: Codable, Sendable {
         self.modulus = modulus
         self.exponent = exponent
         self.privateExponent = privateExponent
+        self.prime1 = prime1
+        self.prime2 = prime2
         self.x = x
         self.y = y
         self.curve = curve

Sources/JWTKit/JWK/JWKSigner.swift

@@ -41,11 +41,24 @@ extension JWK {
                 throw JWTError.invalidJWK(reason: "Missing RSA primitives")
             }
 
-            let rsaKey: RSAKey
-            if let privateExponent = self.privateExponent {
-                rsaKey = try Insecure.RSA.PrivateKey(modulus: modulus, exponent: exponent, privateExponent: privateExponent)
+            let rsaKey: RSAKey = if let privateExponent = self.privateExponent {
+                if let prime1, let prime2 {
+                    try Insecure.RSA.PrivateKey(
+                        modulus: modulus,
+                        exponent: exponent,
+                        privateExponent: privateExponent,
+                        prime1: prime1,
+                        prime2: prime2
+                    )
+                } else {
+                    try Insecure.RSA.PrivateKey(
+                        modulus: modulus,
+                        exponent: exponent,
+                        privateExponent: privateExponent
+                    )
+                }
             } else {
-                rsaKey = try Insecure.RSA.PublicKey(modulus: modulus, exponent: exponent)
+                try Insecure.RSA.PublicKey(modulus: modulus, exponent: exponent)
             }
 
             let algorithm = alg ?? self.algorithm