Specify RSA signing padding to ensure backwards compatibility

Author: yim-lee

Sources/PackageCollectionsSigning/PackageCollectionSigning.swift

@@ -228,7 +228,7 @@ public struct PackageCollectionSigning: PackageCollectionSigner, PackageCollecti
 
                                 signatureAlgorithm = .RS256
                                 signatureProvider = {
-                                    try privateKey.signature(for: SHA256.hash(data: $0)).rawRepresentation
+                                    try privateKey.signature(for: SHA256.hash(data: $0), padding: Signature.rsaSigningPadding).rawRepresentation
                                 }
                             } catch let error as PackageCollectionSigningError {
                                 throw error

Sources/PackageCollectionsSigning/Signature.swift

@@ -60,6 +60,8 @@ extension Signature {
 
 // Reference: https://github.com/vapor/jwt-kit/blob/master/Sources/JWTKit/JWTSerializer.swift
 extension Signature {
+    static let rsaSigningPadding = _RSA.Signing.Padding.insecurePKCS1v1_5
+    
     static func generate(
         payload: some Encodable,
         certChainData: [Data],
@@ -149,7 +151,7 @@ extension Signature {
                     // Extract public key from the certificate
                     let certificate = certChain.first! // !-safe because certChain is not empty at this point
                     // Verify the key was used to generate the signature
-                    let message: Data = .init(encodedHeader) + .period + Data(encodedPayload)
+                    let message: Data = Data(encodedHeader) + .period + Data(encodedPayload)
                     let digest = SHA256.hash(data: message)
 
                     switch header.algorithm {
@@ -165,7 +167,7 @@ extension Signature {
                         guard let publicKey = _RSA.Signing.PublicKey(certificate.publicKey) else {
                             throw SignatureError.invalidPublicKey
                         }
-                        guard publicKey.isValidSignature(.init(rawRepresentation: signatureBytes), for: digest) else {
+                        guard publicKey.isValidSignature(.init(rawRepresentation: signatureBytes), for: digest, padding: .insecurePKCS1v1_5) else {
                             throw SignatureError.invalidSignature
                         }
                     }

Tests/PackageCollectionsSigningTests/SignatureTests.swift

@@ -40,7 +40,7 @@ class SignatureTests: XCTestCase {
                 jsonEncoder: jsonEncoder,
                 signatureAlgorithm: .RS256
             ) {
-                try privateKey.signature(for: SHA256.hash(data: $0)).rawRepresentation
+                try privateKey.signature(for: SHA256.hash(data: $0), padding: Signature.rsaSigningPadding).rawRepresentation
             }
 
             let parsedSignature = try tsc_await { callback in
@@ -76,7 +76,7 @@ class SignatureTests: XCTestCase {
                 jsonEncoder: jsonEncoder,
                 signatureAlgorithm: .RS256
             ) {
-                try privateKey.signature(for: SHA256.hash(data: $0)).rawRepresentation
+                try privateKey.signature(for: SHA256.hash(data: $0), padding: Signature.rsaSigningPadding).rawRepresentation
             }
 
             XCTAssertThrowsError(try tsc_await { callback in