`Trusted Entitlements`: new Signature format #2679

NachoSoto · 2023-06-21T21:02:33Z

New format:

32 bytes: intermediate public key
4 bytes: Expiration (in days since epoch)
64 bytes: intermediate public key signature, signed with the root private key
16 bytes: salt
64 bytes: payload signature:
- salt
- nonce (if present)
- request time (as int string)
- etag (if present)
- payload

This also adds support for optional nonces for "static" signatures, which is required for #2667.

Sources/Security/Signing.swift

NachoSoto · 2023-06-22T22:15:04Z

Tests/UnitTests/Networking/SignatureVerificationHTTPClientTests.swift

@@ -216,6 +216,8 @@ final class InformationalSignatureVerificationHTTPClientTests: BaseSignatureVeri
    }

    func testValidSignatureWithETagResponse() throws {
+        XCTExpectFailure("Not yet implemented")


The fix for this is quite long so it's coming in a separate PR.

tonidero

Should we hold off merging this to main until everything is ready so we don't break things in main? This looks good though!

tonidero · 2023-06-23T07:51:43Z

Sources/Security/Signing.swift

@@ -103,9 +120,8 @@ enum Signing: SigningType {

    // MARK: -

-    private static let publicKey = "UC1upXWg5QVmyOSwozp755xLqquBKjjU+di6U8QhMlM="
+    private static let publicKey = "nVoKJjLhhTNo19Mkjr5DEmgMf361HWxxMyctC10Ob7c="


So this will be the key used to verify the intermediate key correct? Should we rename it to make it clearer?

I still need to figure out that part.

I left this here so tests pass, but in the last PR this will be reverted, since the actual public key hasn't changed.

Sources/Security/Signing+ResponseVerification.swift

Sources/Security/Signing.swift

tonidero · 2023-06-23T08:09:46Z

Sources/Security/Signing.swift

        )
    }

 }

 // MARK: - Private

+extension Signing {
+
+    enum SignatureComponent: CaseIterable, Comparable {


This is nice! ❤️

NachoSoto · 2023-06-23T15:46:16Z

Should we hold off merging this to main until everything is ready so we don't break things in main?

Yeah for sure 👍🏻
I'm trying to get integration tests pointing to the canary at least so we can start verifying those.

Sources/Security/Signing+ResponseVerification.swift

tonidero

Looks good!

tonidero · 2023-06-30T07:34:32Z

Sources/Security/Signing.swift

+            return false
+        }
+
+        // Fixme: verify public key


Is this still needed?

That's done in #2715 :)

NachoSoto · 2023-06-30T16:31:37Z

Tests/BackendIntegrationTests/SignatureVerificationIntegrationTests.swift

@@ -25,6 +25,8 @@ class BaseSignatureVerificationIntegrationTests: BaseStoreKitIntegrationTests {
    fileprivate var invalidSignature: Bool = false

    override func setUp() async throws {
+        throw XCTSkip("Tests disabled until backend deploys new signature format")


⚠️ Disabling for now.

NachoSoto · 2023-06-30T16:31:44Z

Tests/BackendIntegrationTests/BaseBackendIntegrationTests.swift

-        return .enforced(Signing.loadPublicKey())
+        // Disabled until the backend deploys the new signature format
+        // return .enforced(Signing.loadPublicKey())
+        return .disabled


⚠️ Disabling for now.

Last step of the new Signature format. Follow up to #2679 and #2698. This reverts the public key change in #2679, since that was the intermediate key. This now extracts the new intermediate public key from the signature, and verifies it using the public key.

NachoSoto added the refactor label Jun 21, 2023

NachoSoto requested a review from a team June 21, 2023 21:02

NachoSoto commented Jun 22, 2023

View reviewed changes

Sources/Security/Signing.swift Outdated Show resolved Hide resolved

NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch 10 times, most recently from af640da to 76c0c54 Compare June 22, 2023 22:12

NachoSoto changed the title ~~[WIP] Trusted Entitlements: new Signature format~~ Trusted Entitlements: new Signature format Jun 22, 2023

NachoSoto marked this pull request as ready for review June 22, 2023 22:12

NachoSoto commented Jun 22, 2023

View reviewed changes

This was referenced Jun 22, 2023

Refactor: extract ErrorResponse into its own file #2697

Merged

Trusted Entitlements: update handling of 304 responses #2698

Merged

tonidero reviewed Jun 23, 2023

View reviewed changes

NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch 5 times, most recently from 250270c to b0782ab Compare June 26, 2023 21:07

NachoSoto requested review from bisho and aboedo June 26, 2023 22:25

NachoSoto mentioned this pull request Jun 26, 2023

Signing: extract and verify intermediate key #2715

Merged

tonidero reviewed Jun 27, 2023

View reviewed changes

Sources/Security/Signing+ResponseVerification.swift Show resolved Hide resolved

NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from b0782ab to a11ae88 Compare June 27, 2023 14:29

NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch 3 times, most recently from 62010bf to e654254 Compare June 29, 2023 19:02

tonidero approved these changes Jun 30, 2023

View reviewed changes

Trusted Entitlements: updated signature format

1700575

NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from 9d3ee66 to 92b1d1c Compare June 30, 2023 16:06

NachoSoto enabled auto-merge (squash) June 30, 2023 16:09

NachoSoto disabled auto-merge June 30, 2023 16:09

NachoSoto enabled auto-merge (squash) June 30, 2023 16:12

NachoSoto disabled auto-merge June 30, 2023 16:12

NachoSoto enabled auto-merge (squash) June 30, 2023 16:13

NachoSoto commented Jun 30, 2023

View reviewed changes

NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch 3 times, most recently from be175cc to 6d66630 Compare June 30, 2023 17:29

Disable signature integration tests for now

4d8fd34

NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from 6d66630 to 4d8fd34 Compare June 30, 2023 18:10

NachoSoto merged commit d457cb0 into main Jun 30, 2023

NachoSoto deleted the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch June 30, 2023 18:50

RCGitBot mentioned this pull request Jul 7, 2023

[AUTOMATIC] Release/4.24.1 #2773

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`Trusted Entitlements`: new Signature format #2679

`Trusted Entitlements`: new Signature format #2679

NachoSoto commented Jun 21, 2023 •

edited

Loading

NachoSoto Jun 22, 2023

tonidero left a comment

tonidero Jun 23, 2023

NachoSoto Jun 23, 2023

NachoSoto Jun 26, 2023

tonidero Jun 23, 2023

NachoSoto commented Jun 23, 2023

tonidero left a comment

tonidero Jun 30, 2023

NachoSoto Jun 30, 2023

NachoSoto Jun 30, 2023 •

edited

Loading

NachoSoto Jun 30, 2023

Trusted Entitlements: new Signature format #2679

Trusted Entitlements: new Signature format #2679

Conversation

NachoSoto commented Jun 21, 2023 • edited Loading

New format:

Choose a reason for hiding this comment

tonidero left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

NachoSoto commented Jun 23, 2023

tonidero left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

NachoSoto Jun 30, 2023 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

`Trusted Entitlements`: new Signature format #2679

`Trusted Entitlements`: new Signature format #2679

NachoSoto commented Jun 21, 2023 •

edited

Loading

NachoSoto Jun 30, 2023 •

edited

Loading