add rsa pkcs8 parse

Author: deatil

README.md

@@ -166,9 +166,13 @@ const public_key = jwt.crypto_rsa.PublicKey;
 
 // rsa no generate
 
-// from plain bytes
+// from pkcs1 der bytes
 const secret_key = try jwt.crypto_rsa.SecretKey.fromDer(prikey_bytes);
 const public_key = try jwt.crypto_rsa.PublicKey.fromDer(pubkey_bytes);
+
+// from pkcs8 der bytes
+const secret_key = try jwt.crypto_rsa.SecretKey.fromPKCS8Der(prikey_bytes);
+const public_key = try jwt.crypto_rsa.PublicKey.fromPKCS8Der(pubkey_bytes);
 ~~~
 
 ECDSA PublicKey:

build.zig.zon

@@ -1,7 +1,7 @@
 .{
     .name = .zig_jwt,
     .description = "A JWT (JSON Web Token) library for zig.",
-    .version = "1.0.17",
+    .version = "1.0.18",
     .fingerprint = 0x30a5aec248bd7ac3, 
     .minimum_zig_version = "0.14.0-dev.3451+d8d2aa9af",
     .dependencies = .{},

src/jwt.zig

@@ -1419,3 +1419,101 @@ test "SigningMethodPS256 Check fail" {
     try testing.expectEqual(true, need_true);
 
 }
+
+test "SigningMethodRS256 with pkcs8 key" {
+    const alloc = std.heap.page_allocator;
+
+    const prikey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDh/nCDmXaEqxN416b9XjV8acmbqA52uPzKbesWQRT/BPxEO2dKAURk5CkcSBDskvfzFR9TRjeDppjD1BPSEnuYKnP0SvmotoxcnBnHMfMBqGV8DSJyppu8k4y9C3MPq5C/rA8TJm0NNaJCL0BfAGkeyw+elgYifbRlm42VfYGsKVyIeEI9Qghk5Cf8yapMPfWNLKOhChXsyGExMBMonHZeseFH7UNwonNAFJMAaelhVqqmwBFqn6fBGKmvedRO7HIaiEFNKaMna6xJ5Bccjds4MhF7UC5PIdx4Bt7CfxvjrbIRYoBF2l30CNBblIhU992zPkHoaVhDkt1gq3OdO7LvAgMBAAECggEBALCJrWTv7ahnZ3efpqAIBuogTVBd8KaHjVmokds5jehFAbdfXClwYfgaT477MNVNXYmzN1w63sTl0DIxqiYRMCFHEHuGUg6cQ3tYqb50Y2spG9XTANTlF4UxEeDfX8ue7xz7kG8aNlf6TL084iEUVgmrAJGWikZJQjGZWPmtKC3OTeJY5Bev5qHVuMRe+XEM5aQc3ph+lXlOF0Qp0Eg8YRWprrev2faH6prMqu2JGomoac6sfM4QJhtEViF7Gw0XPthPTbF19IefuAwi9psMM/9CnQ+MTWN2i6IxoUdicsFuC+Wdlb3K5V/+uldNSr+ePEhcya+YTLK9IOcVwWKQHykCgYEA8XvuEribf+t0ZPtfxr+DC9nZHXbVoFx0/ARpSG+P/fp3Hn3rO9iYQ6OtZ9mEXTzf+dhYTaRWq6PbCOz6i0It+J8QSBdxU9OcQ4871mDe41IvSc1CCGMW4PeIYtNQEK0zrqhN7SMtKyUd7yAsYRCrIzMc7NjE2qJvFw5kh7xC3Q0CgYEA75Qjn5daNYSAOa/ILdOs5J/8oIaO27RNK/fSKm/btsMsyum8+YP/mWmm1MXBzG9WEKzZv5yEKOWCEVJYVsFQsGt9yLYW2WIKU5UxiuU0F1RImF/dphIbYOh7oGC3WfYKk2f+K7ftjc196ZkEkDuE2Xh1h75/67Mzztx1DbXj6OsCgYBcDRfFfyWXb5Og4smxo1M680H2H1RzmorlfnD7sbs733wE3Y8L8xanwf7Z9WqleA0Q2k1e22RGbWGTV3JyHzoS6d90+6qxf5qzjigLIkYUdUGdambfd5ZDD1ioA1Ej6kInM/TwjlYreiyc+LCyF36FHnjKOB9iEEU0jsH3k+YRCQKBgHMVLPuHX6zfhhyvxK/Gw4FbHKYbnNoKxRs+wvThoKAtJwIdv0n4TzppVttUV2CVhrkh3sM9MvrWLGGXtZmO6Oyl5dkZJuarQpydyRuYOCqQsQKI4lbY0c/+PQxwCQMsvi3KwXxMsM7yC+6/M0L5ZDp2s7ZOGvKktVlD6vJ4Eg+bAoGARnGGprSBW8dAb/s53r0paPh4k/bySrXdGEprLwk6g3S8+aylcmjUdjcIq4dEb4A/nv12dx1Sc4y99c62R0zi+TT6FYBIFDMz3HNVzO0Jr6SgC6CNVotL0D725CioR5U1NyTHHRLZth69HLuEZCZQlPJCbePXMRRHmOl1svzcVuo=";
+    const pubkey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4f5wg5l2hKsTeNem/V41fGnJm6gOdrj8ym3rFkEU/wT8RDtnSgFEZOQpHEgQ7JL38xUfU0Y3g6aYw9QT0hJ7mCpz9Er5qLaMXJwZxzHzAahlfA0icqabvJOMvQtzD6uQv6wPEyZtDTWiQi9AXwBpHssPnpYGIn20ZZuNlX2BrClciHhCPUIIZOQn/MmqTD31jSyjoQoV7MhhMTATKJx2XrHhR+1DcKJzQBSTAGnpYVaqpsARap+nwRipr3nUTuxyGohBTSmjJ2usSeQXHI3bODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy7wIDAQAB";
+
+    const prikey_bytes = try utils.base64Decode(alloc, prikey);
+    const pubkey_bytes = try utils.base64Decode(alloc, pubkey);
+
+    const secret_key = try crypto_rsa.SecretKey.fromPKCS8Der(prikey_bytes);
+    const public_key = try crypto_rsa.PublicKey.fromPKCS8Der(pubkey_bytes);
+
+    const claims = .{
+        .aud = "example.com",
+        .sub = "foo",
+    };
+
+    const s = SigningMethodRS256.init(alloc);
+    const token_string = try s.sign(claims, secret_key);
+    try testing.expectEqual(true, token_string.len > 0);
+
+    // ==========
+
+    const p = SigningMethodRS256.init(alloc);
+    var parsed = try p.parse(token_string, public_key);
+
+    const claims2 = try parsed.getClaims();
+    try testing.expectEqualStrings(claims.aud, claims2.object.get("aud").?.string);
+    try testing.expectEqualStrings(claims.sub, claims2.object.get("sub").?.string);
+
+}
+
+test "SigningMethodPS256 with pkcs8 key" {
+    const alloc = std.heap.page_allocator;
+
+    const prikey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDh/nCDmXaEqxN416b9XjV8acmbqA52uPzKbesWQRT/BPxEO2dKAURk5CkcSBDskvfzFR9TRjeDppjD1BPSEnuYKnP0SvmotoxcnBnHMfMBqGV8DSJyppu8k4y9C3MPq5C/rA8TJm0NNaJCL0BfAGkeyw+elgYifbRlm42VfYGsKVyIeEI9Qghk5Cf8yapMPfWNLKOhChXsyGExMBMonHZeseFH7UNwonNAFJMAaelhVqqmwBFqn6fBGKmvedRO7HIaiEFNKaMna6xJ5Bccjds4MhF7UC5PIdx4Bt7CfxvjrbIRYoBF2l30CNBblIhU992zPkHoaVhDkt1gq3OdO7LvAgMBAAECggEBALCJrWTv7ahnZ3efpqAIBuogTVBd8KaHjVmokds5jehFAbdfXClwYfgaT477MNVNXYmzN1w63sTl0DIxqiYRMCFHEHuGUg6cQ3tYqb50Y2spG9XTANTlF4UxEeDfX8ue7xz7kG8aNlf6TL084iEUVgmrAJGWikZJQjGZWPmtKC3OTeJY5Bev5qHVuMRe+XEM5aQc3ph+lXlOF0Qp0Eg8YRWprrev2faH6prMqu2JGomoac6sfM4QJhtEViF7Gw0XPthPTbF19IefuAwi9psMM/9CnQ+MTWN2i6IxoUdicsFuC+Wdlb3K5V/+uldNSr+ePEhcya+YTLK9IOcVwWKQHykCgYEA8XvuEribf+t0ZPtfxr+DC9nZHXbVoFx0/ARpSG+P/fp3Hn3rO9iYQ6OtZ9mEXTzf+dhYTaRWq6PbCOz6i0It+J8QSBdxU9OcQ4871mDe41IvSc1CCGMW4PeIYtNQEK0zrqhN7SMtKyUd7yAsYRCrIzMc7NjE2qJvFw5kh7xC3Q0CgYEA75Qjn5daNYSAOa/ILdOs5J/8oIaO27RNK/fSKm/btsMsyum8+YP/mWmm1MXBzG9WEKzZv5yEKOWCEVJYVsFQsGt9yLYW2WIKU5UxiuU0F1RImF/dphIbYOh7oGC3WfYKk2f+K7ftjc196ZkEkDuE2Xh1h75/67Mzztx1DbXj6OsCgYBcDRfFfyWXb5Og4smxo1M680H2H1RzmorlfnD7sbs733wE3Y8L8xanwf7Z9WqleA0Q2k1e22RGbWGTV3JyHzoS6d90+6qxf5qzjigLIkYUdUGdambfd5ZDD1ioA1Ej6kInM/TwjlYreiyc+LCyF36FHnjKOB9iEEU0jsH3k+YRCQKBgHMVLPuHX6zfhhyvxK/Gw4FbHKYbnNoKxRs+wvThoKAtJwIdv0n4TzppVttUV2CVhrkh3sM9MvrWLGGXtZmO6Oyl5dkZJuarQpydyRuYOCqQsQKI4lbY0c/+PQxwCQMsvi3KwXxMsM7yC+6/M0L5ZDp2s7ZOGvKktVlD6vJ4Eg+bAoGARnGGprSBW8dAb/s53r0paPh4k/bySrXdGEprLwk6g3S8+aylcmjUdjcIq4dEb4A/nv12dx1Sc4y99c62R0zi+TT6FYBIFDMz3HNVzO0Jr6SgC6CNVotL0D725CioR5U1NyTHHRLZth69HLuEZCZQlPJCbePXMRRHmOl1svzcVuo=";
+    const pubkey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4f5wg5l2hKsTeNem/V41fGnJm6gOdrj8ym3rFkEU/wT8RDtnSgFEZOQpHEgQ7JL38xUfU0Y3g6aYw9QT0hJ7mCpz9Er5qLaMXJwZxzHzAahlfA0icqabvJOMvQtzD6uQv6wPEyZtDTWiQi9AXwBpHssPnpYGIn20ZZuNlX2BrClciHhCPUIIZOQn/MmqTD31jSyjoQoV7MhhMTATKJx2XrHhR+1DcKJzQBSTAGnpYVaqpsARap+nwRipr3nUTuxyGohBTSmjJ2usSeQXHI3bODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy7wIDAQAB";
+
+    const prikey_bytes = try utils.base64Decode(alloc, prikey);
+    const pubkey_bytes = try utils.base64Decode(alloc, pubkey);
+
+    const secret_key = try crypto_rsa.SecretKey.fromPKCS8Der(prikey_bytes);
+    const public_key = try crypto_rsa.PublicKey.fromPKCS8Der(pubkey_bytes);
+
+    const claims = .{
+        .aud = "example.com",
+        .sub = "foo",
+    };
+
+    const s = SigningMethodPS256.init(alloc);
+    const token_string = try s.sign(claims, secret_key);
+    try testing.expectEqual(true, token_string.len > 0);
+
+    // ==========
+
+    const p = SigningMethodPS256.init(alloc);
+    var parsed = try p.parse(token_string, public_key);
+
+    const claims2 = try parsed.getClaims();
+    try testing.expectEqualStrings(claims.aud, claims2.object.get("aud").?.string);
+    try testing.expectEqualStrings(claims.sub, claims2.object.get("sub").?.string);
+
+}
+
+test "SigningMethodRS256 Check with pkcs8 key" {
+    const alloc = std.heap.page_allocator;
+
+    const pubkey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4f5wg5l2hKsTeNem/V41fGnJm6gOdrj8ym3rFkEU/wT8RDtnSgFEZOQpHEgQ7JL38xUfU0Y3g6aYw9QT0hJ7mCpz9Er5qLaMXJwZxzHzAahlfA0icqabvJOMvQtzD6uQv6wPEyZtDTWiQi9AXwBpHssPnpYGIn20ZZuNlX2BrClciHhCPUIIZOQn/MmqTD31jSyjoQoV7MhhMTATKJx2XrHhR+1DcKJzQBSTAGnpYVaqpsARap+nwRipr3nUTuxyGohBTSmjJ2usSeQXHI3bODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy7wIDAQAB";
+    const token_str = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.FhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg";
+
+    const pubkey_bytes = try utils.base64Decode(alloc, pubkey);
+    const public_key = try crypto_rsa.PublicKey.fromPKCS8Der(pubkey_bytes);
+
+    const p = SigningMethodRS256.init(alloc);
+    var parsed = try p.parse(token_str, public_key);
+
+    const claims2 = try parsed.getClaims();
+    try testing.expectEqualStrings("bar", claims2.object.get("foo").?.string);
+
+}
+
+test "SigningMethodPS256 Check with pkcs8 key" {
+    const alloc = std.heap.page_allocator;
+
+    const pubkey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4f5wg5l2hKsTeNem/V41fGnJm6gOdrj8ym3rFkEU/wT8RDtnSgFEZOQpHEgQ7JL38xUfU0Y3g6aYw9QT0hJ7mCpz9Er5qLaMXJwZxzHzAahlfA0icqabvJOMvQtzD6uQv6wPEyZtDTWiQi9AXwBpHssPnpYGIn20ZZuNlX2BrClciHhCPUIIZOQn/MmqTD31jSyjoQoV7MhhMTATKJx2XrHhR+1DcKJzQBSTAGnpYVaqpsARap+nwRipr3nUTuxyGohBTSmjJ2usSeQXHI3bODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy7wIDAQAB";
+    const token_str = "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.PPG4xyDVY8ffp4CcxofNmsTDXsrVG2npdQuibLhJbv4ClyPTUtR5giNSvuxo03kB6I8VXVr0Y9X7UxhJVEoJOmULAwRWaUsDnIewQa101cVhMa6iR8X37kfFoiZ6NkS-c7henVkkQWu2HtotkEtQvN5hFlk8IevXXPmvZlhQhwzB1sGzGYnoi1zOfuL98d3BIjUjtlwii5w6gYG2AEEzp7HnHCsb3jIwUPdq86Oe6hIFjtBwduIK90ca4UqzARpcfwxHwVLMpatKask00AgGVI0ysdk0BLMjmLutquD03XbThHScC2C2_Pp4cHWgMzvbgLU2RYYZcZRKr46QeNgz9w";
+
+    const pubkey_bytes = try utils.base64Decode(alloc, pubkey);
+    const public_key = try crypto_rsa.PublicKey.fromPKCS8Der(pubkey_bytes);
+
+    const p = SigningMethodPS256.init(alloc);
+    var parsed = try p.parse(token_str, public_key);
+
+    const claims2 = try parsed.getClaims();
+    try testing.expectEqualStrings("bar", claims2.object.get("foo").?.string);
+
+}

src/rsa/der.zig

@@ -24,14 +24,7 @@ pub const Parser = struct {
     bytes: []const u8,
     index: Index = 0,
 
-    pub const Error = Element.Error || error{
-        UnexpectedElement,
-        InvalidIntegerEncoding,
-        Overflow,
-        NonCanonical,
-    };
-
-    pub fn expectBool(self: *Parser) Error!bool {
+    pub fn expectBool(self: *Parser) !bool {
         const ele = try self.expect(.universal, false, .boolean);
         if (ele.slice.len() != 1) return error.InvalidBool;
 
@@ -42,7 +35,7 @@ pub const Parser = struct {
         };
     }
 
-    pub fn expectBitstring(self: *Parser) Error!BitString {
+    pub fn expectBitstring(self: *Parser) !BitString {
         const ele = try self.expect(.universal, false, .bitstring);
         const bytes = self.view(ele);
         const right_padding = bytes[0];
@@ -54,7 +47,7 @@ pub const Parser = struct {
     }
 
     // TODO: return high resolution date time type instead of epoch seconds
-    pub fn expectDateTime(self: *Parser) Error!i64 {
+    pub fn expectDateTime(self: *Parser) !i64 {
         const ele = try self.expect(.universal, false, null);
         const bytes = self.view(ele);
         switch (ele.identifier.tag) {
@@ -93,12 +86,12 @@ pub const Parser = struct {
         }
     }
 
-    pub fn expectOid(self: *Parser) Error![]const u8 {
+    pub fn expectOid(self: *Parser) ![]const u8 {
         const oid = try self.expect(.universal, false, .object_identifier);
         return self.view(oid);
     }
 
-    pub fn expectEnum(self: *Parser, comptime Enum: type) Error!Enum {
+    pub fn expectEnum(self: *Parser, comptime Enum: type) !Enum {
         const oid = try self.expectOid();
         return Enum.oids.get(oid) orelse {
             if (builtin.mode == .Debug) {
@@ -111,7 +104,7 @@ pub const Parser = struct {
         };
     }
 
-    pub fn expectInt(self: *Parser, comptime T: type) Error!T {
+    pub fn expectInt(self: *Parser, comptime T: type) !T {
         const ele = try self.expectPrimitive(.integer);
         const bytes = self.view(ele);
 
@@ -130,7 +123,7 @@ pub const Parser = struct {
         return @bitCast(result);
     }
 
-    pub fn expectString(self: *Parser, allowed: std.EnumSet(String.Tag)) Error!String {
+    pub fn expectString(self: *Parser, allowed: std.EnumSet(String.Tag)) !String {
         const ele = try self.expect(.universal, false, null);
         switch (ele.identifier.tag) {
             inline .string_utf8,
@@ -154,7 +147,7 @@ pub const Parser = struct {
         return error.UnexpectedElement;
     }
 
-    pub fn expectPrimitive(self: *Parser, tag: ?Identifier.Tag) Error!Element {
+    pub fn expectPrimitive(self: *Parser, tag: ?Identifier.Tag) !Element {
         var elem = try self.expect(.universal, false, tag);
         if (tag == .integer and elem.slice.len() > 0) {
             if (self.view(elem)[0] == 0) elem.slice.start += 1;
@@ -164,16 +157,16 @@ pub const Parser = struct {
     }
 
     /// Remember to call `expectEnd`
-    pub fn expectSequence(self: *Parser) Error!Element {
+    pub fn expectSequence(self: *Parser) !Element {
         return try self.expect(.universal, true, .sequence);
     }
 
     /// Remember to call `expectEnd`
-    pub fn expectSequenceOf(self: *Parser) Error!Element {
+    pub fn expectSequenceOf(self: *Parser) !Element {
         return try self.expect(.universal, true, .sequence_of);
     }
 
-    pub fn expectEnd(self: *Parser, val: usize) Error!void {
+    pub fn expectEnd(self: *Parser, val: usize) !void {
         if (self.index != val) return error.NonCanonical; // either forgot to parse end OR an attacker
     }
 
@@ -182,7 +175,7 @@ pub const Parser = struct {
         class: ?Identifier.Class,
         constructed: ?bool,
         tag: ?Identifier.Tag,
-    ) Error!Element {
+    ) !Element {
         if (self.index >= self.bytes.len) return error.EndOfStream;
 
         const res = try Element.init(self.bytes, self.index);
@@ -229,9 +222,7 @@ pub const Element = struct {
         }
     };
 
-    pub const Error = error{ InvalidLength, EndOfStream };
-
-    pub fn init(bytes: []const u8, index: Index) Error!Element {
+    pub fn init(bytes: []const u8, index: Index) !Element {
         var stream = std.io.fixedBufferStream(bytes[index..]);
         var reader = stream.reader();