Skip to content

Commit

Permalink
Update code to 2024 SDK release
Browse files Browse the repository at this point in the history
This patch updates Crypto to the 2024 release version of CryptoKit.
As with prior years, there are small tweaks to the API surface that
cause this to manifest as a semver major. In this instance, the
relevant change is the removal of the long-deprecated setters for the
hash function block byte counts.

This is another change that meets the technical definition of a
semver major, but is practically extraordinarily unlikely to manifest
in an actual problem. Nonetheless, we do have to acknowledge the
reality that this can break compiling code (e.g. in cases where users
have defined protocols that rely on having a setter available, even
though they never call through it).

To that end, this pushes Crypto up to 4.0.
  • Loading branch information
Lukasa committed Oct 4, 2024
1 parent b639b5b commit 0fea5a4
Show file tree
Hide file tree
Showing 81 changed files with 1,047 additions and 908 deletions.
6 changes: 5 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -130,10 +130,14 @@ SemVer and Swift Crypto's Public API guarantees should result in a working progr

Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 series of releases.

Swift Crypto 3.0.0 was released in September 2023. The only breaking change between Swift Crypto 3.0.0 and 2.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 _or_ 3.0.0 series of releases.

Swift Crypto 4.0.0 was released in October 2024. The only breaking change was the removal of the non-functional setters for `blockByteSize` on the hash functions, which triggered a `fatalError` if they were ever called. For most users, then, it is safe to depend on the entire range from 1.0.0 to 4.0.0 inclusive.

To do so, please use the following dependency in your `Package.swift`:

```swift
.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "3.0.0"),
.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "5.0.0"),
```

### Developing Swift Crypto on macOS
Expand Down
7 changes: 5 additions & 2 deletions Sources/Crypto/AEADs/AES/GCM/AES-GCM.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,17 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else
#if !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
#if (!CRYPTO_IN_SWIFTPM_FORCE_BUILD_API) || CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
typealias AESGCMImpl = CoreCryptoGCMImpl
import Security
#else
typealias AESGCMImpl = OpenSSLAESGCMImpl
#endif

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension AES {
/// The Advanced Encryption Standard (AES) Galois Counter Mode (GCM) cipher
Expand Down
8 changes: 6 additions & 2 deletions Sources/Crypto/AEADs/ChachaPoly/ChaChaPoly.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,18 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else
#if !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
#if (!CRYPTO_IN_SWIFTPM_FORCE_BUILD_API) || CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
typealias ChaChaPolyImpl = CoreCryptoChaChaPolyImpl
import Security
#else
typealias ChaChaPolyImpl = OpenSSLChaChaPolyImpl
#endif

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif


/// An implementation of the ChaCha20-Poly1305 cipher.
public enum ChaChaPoly: Cipher {
Expand Down
6 changes: 6 additions & 0 deletions Sources/Crypto/AEADs/Cipher.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,13 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif


protocol AEADSealedBox {
associatedtype Nonce: Sequence
Expand Down
15 changes: 11 additions & 4 deletions Sources/Crypto/AEADs/Nonces.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,18 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else
#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif
// MARK: - Generated file, do NOT edit
// any edits of this file WILL be overwritten and thus discarded
// see section `gyb` in `README` for details.




// MARK: - AES.GCM + Nonce
extension AES.GCM {
/// A value used once during a cryptographic operation and then discarded.
Expand Down Expand Up @@ -47,8 +54,8 @@ extension AES.GCM {
/// ``init()`` method to instead create a random nonce.
///
/// - Parameters:
/// - data: A 12-byte data representation of the nonce. The initializer throws an
/// error if the data has a length other than 12 bytes.
/// - data: A data representation of the nonce.
/// The initializer throws an error if the data has a length smaller than 12 bytes.
public init<D: DataProtocol>(data: D) throws {
if data.count < AES.GCM.defaultNonceByteCount {
throw CryptoKitError.incorrectParameterSize
Expand Down Expand Up @@ -109,8 +116,8 @@ extension ChaChaPoly {
/// ``init()`` method to instead create a random nonce.
///
/// - Parameters:
/// - data: A 12-byte data representation of the nonce. The initializer throws an
/// error if the data has a length other than 12 bytes.
/// - data: A 12-byte data representation of the nonce.
/// The initializer throws an error if the data isn't 12 bytes long.
public init<D: DataProtocol>(data: D) throws {
if data.count != ChaChaPoly.nonceByteCount {
throw CryptoKitError.incorrectParameterSize
Expand Down
18 changes: 15 additions & 3 deletions Sources/Crypto/AEADs/Nonces.swift.gyb
Original file line number Diff line number Diff line change
Expand Up @@ -14,18 +14,31 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else
#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif
// MARK: - Generated file, do NOT edit
// any edits of this file WILL be overwritten and thus discarded
// see section `gyb` in `README` for details.

%{
ciphers = [{"name": "AES.GCM", "recommendedNonceSize": "AES.GCM.defaultNonceByteCount", "nonceValidation": "< AES.GCM.defaultNonceByteCount"},{"name": "ChaChaPoly", "recommendedNonceSize": "ChaChaPoly.nonceByteCount", "nonceValidation": "!= ChaChaPoly.nonceByteCount"}]
ciphers = [{"name": "AES.GCM", "recommendedNonceSize": "AES.GCM.defaultNonceByteCount", "nonceValidation": "< AES.GCM.defaultNonceByteCount", "dataDescription": "/// - data: A data representation of the nonce.\n/// The initializer throws an error if the data has a length smaller than 12 bytes."}]

if "NO_CHACHAPOLY" in globals():
pass
else:
ciphers.append({"name": "ChaChaPoly", "recommendedNonceSize": "ChaChaPoly.nonceByteCount", "nonceValidation": "!= ChaChaPoly.nonceByteCount", "dataDescription": "/// - data: A 12-byte data representation of the nonce.\n/// The initializer throws an error if the data isn't 12 bytes long."})
}%


% for cipher in ciphers:
%{
name = cipher["name"]
nonceSize = cipher["recommendedNonceSize"]
nonceValidation = cipher["nonceValidation"]
dataDescription = cipher["dataDescription"]
}%

// MARK: - ${name} + Nonce
Expand Down Expand Up @@ -56,8 +69,7 @@ extension ${name} {
/// ``init()`` method to instead create a random nonce.
///
/// - Parameters:
/// - data: A 12-byte data representation of the nonce. The initializer throws an
/// error if the data has a length other than 12 bytes.
${dataDescription}
public init<D: DataProtocol>(data: D) throws {
if data.count ${nonceValidation} {
throw CryptoKitError.incorrectParameterSize
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/ASN1.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

// This module implements "just enough" ASN.1. Specifically, we implement exactly enough ASN.1 DER parsing to handle
// the following use-cases:
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Any.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// An ASN1 ANY represents...well, anything.
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1BitString.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// A bitstring is a representation of...well...some bits.
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Boolean.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension Bool: ASN1ImplicitlyTaggable {
static var defaultIdentifier: ASN1.ASN1Identifier {
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Identifier.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// An `ASN1Identifier` is a representation of the abstract notion of an ASN.1 identifier. Identifiers have a number of properties that relate to both the specific
Expand Down
9 changes: 7 additions & 2 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Integer.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,15 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

/// A protocol that represents any internal object that can present itself as an INTEGER, or be parsed from
/// an INTEGER.
/// A protocol that represents any internal object that can present itself as a INTEGER, or be parsed from
/// a INTEGER.
///
/// This is not a very good solution for a fully-fledged ASN.1 library: we'd rather have a better numerics
/// protocol that could both initialize from and serialize to either bytes or words. However, no such
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Null.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// An ASN1 NULL represents nothing.
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1OctetString.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// An octet string is a representation of a string of octets.
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Strings.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// A UTF8String is roughly what it sounds like. We note that all the string types are encoded as implicitly tagged
Expand Down
6 changes: 6 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ArraySliceBigint.swift
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,12 @@
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

// For temporary purposes we pretend that ArraySlice is our "bigint" type. We don't really need anything else.
extension ArraySlice: ASN1Serializable where Element == UInt8 { }

Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/GeneralizedTime.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
struct GeneralizedTime: ASN1ImplicitlyTaggable, Hashable {
Expand Down
5 changes: 5 additions & 0 deletions Sources/Crypto/ASN1/Basic ASN1 Types/ObjectIdentifier.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// An Object Identifier is a representation of some kind of object: really any kind of object.
Expand Down
9 changes: 9 additions & 0 deletions Sources/Crypto/ASN1/ECDSASignature.swift
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,18 @@
//
//===----------------------------------------------------------------------===//
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
#if CRYPTOKIT_STATIC_LIBRARY
@_exported import CryptoKit_Static
#else
@_exported import CryptoKit
#endif
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// An ECDSA signature is laid out as follows:
Expand Down
9 changes: 9 additions & 0 deletions Sources/Crypto/ASN1/PEMDocument.swift
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,18 @@
//
//===----------------------------------------------------------------------===//
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
#if CRYPTOKIT_STATIC_LIBRARY
@_exported import CryptoKit_Static
#else
@_exported import CryptoKit
#endif
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
/// A PEM document is some data, and a discriminator type that is used to advertise the content.
Expand Down
4 changes: 4 additions & 0 deletions Sources/Crypto/ASN1/PKCS8PrivateKey.swift
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,11 @@
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@_exported import CryptoKit
#else
#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
// A PKCS#8 private key is one of two formats, depending on the version:
Expand Down
9 changes: 9 additions & 0 deletions Sources/Crypto/ASN1/SEC1PrivateKey.swift
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,18 @@
//
//===----------------------------------------------------------------------===//
#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
#if CRYPTOKIT_STATIC_LIBRARY
@_exported import CryptoKit_Static
#else
@_exported import CryptoKit
#endif
#else

#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
import SwiftSystem
#else
import Foundation
#endif

extension ASN1 {
// For private keys, SEC 1 uses:
Expand Down
Loading

0 comments on commit 0fea5a4

Please sign in to comment.