Made the default Signature variant .message_pkcs1v15_sha256.

btoms20 · btoms20 · commit 141bda417a9a · 2022-08-15T14:53:54.000-07:00
diff --git a/Sources/CryptoSwift/RSA/RSA+Signature.swift b/Sources/CryptoSwift/RSA/RSA+Signature.swift
@@ -11,7 +11,7 @@ import Foundation
 
 extension RSA: Signature {
   public func sign(_ bytes: ArraySlice<UInt8>) throws -> Array<UInt8> {
-    try self.sign(Array(bytes), variant: .message_pkcs1v15_SHA512_256)
+    try self.sign(Array(bytes), variant: .message_pkcs1v15_SHA256)
   }
 
   public func sign(_ bytes: Array<UInt8>, variant: SignatureVariant) throws -> Array<UInt8> {
@@ -30,13 +30,13 @@ extension RSA: Signature {
   }
 
   public func verify(signature: ArraySlice<UInt8>, for expectedData: ArraySlice<UInt8>) throws -> Bool {
-    try self.verify(signature: Array(signature), for: Array(expectedData), variant: .message_pkcs1v15_SHA512_256)
+    try self.verify(signature: Array(signature), for: Array(expectedData), variant: .message_pkcs1v15_SHA256)
   }
 
   /// https://datatracker.ietf.org/doc/html/rfc8017#section-8.2.2
-  public func verify(signature: Array<UInt8>, for bytes: Array<UInt8>, variant: SignatureVariant = .message_pkcs1v15_SHA256) throws -> Bool {
+  public func verify(signature: Array<UInt8>, for bytes: Array<UInt8>, variant: SignatureVariant) throws -> Bool {
     /// Step 1: Ensure the signature is the same length as the key's modulus
-    guard signature.count == (self.keySize / 8) else { throw Error.invalidSignatureLength }
+    guard signature.count == (self.keySize / 8) || (signature.count - 1) == (self.keySize / 8) else { throw Error.invalidSignatureLength }
 
     let expectedData = try Array<UInt8>(RSA.hashedAndEncoded(bytes, variant: variant, keySizeInBytes: self.keySize / 8).dropFirst())
 

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import Foundation`
`11`	`11`
`12`	`12`	`extension RSA: Signature {`
`13`	`13`	`public func sign(_ bytes: ArraySlice<UInt8>) throws -> Array<UInt8> {`
`14`		`- try self.sign(Array(bytes), variant: .message_pkcs1v15_SHA512_256)`
	`14`	`+ try self.sign(Array(bytes), variant: .message_pkcs1v15_SHA256)`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`public func sign(_ bytes: Array<UInt8>, variant: SignatureVariant) throws -> Array<UInt8> {`
`@@ -30,13 +30,13 @@ extension RSA: Signature {`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`public func verify(signature: ArraySlice<UInt8>, for expectedData: ArraySlice<UInt8>) throws -> Bool {`
`33`		`- try self.verify(signature: Array(signature), for: Array(expectedData), variant: .message_pkcs1v15_SHA512_256)`
	`33`	`+ try self.verify(signature: Array(signature), for: Array(expectedData), variant: .message_pkcs1v15_SHA256)`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`/// https://datatracker.ietf.org/doc/html/rfc8017#section-8.2.2`
`37`		`- public func verify(signature: Array<UInt8>, for bytes: Array<UInt8>, variant: SignatureVariant = .message_pkcs1v15_SHA256) throws -> Bool {`
	`37`	`+ public func verify(signature: Array<UInt8>, for bytes: Array<UInt8>, variant: SignatureVariant) throws -> Bool {`
`38`	`38`	`/// Step 1: Ensure the signature is the same length as the key's modulus`
`39`		`- guard signature.count == (self.keySize / 8) else { throw Error.invalidSignatureLength }`
	`39`	`+ guard signature.count == (self.keySize / 8) \|\| (signature.count - 1) == (self.keySize / 8) else { throw Error.invalidSignatureLength }`
`40`	`40`
`41`	`41`	`let expectedData = try Array<UInt8>(RSA.hashedAndEncoded(bytes, variant: variant, keySizeInBytes: self.keySize / 8).dropFirst())`
`42`	`42`