Merge pull request #3 from apple/main

Update branch

Author: fpseverino

.PrivacyInfo.xcprivacy

@@ -127,7 +127,7 @@ let package = Package(
             resources: [
                 .copy("PrivacyInfo.xcprivacy"),
             ],
-            swiftSettings: swiftSettings
+            swiftSettings: swiftSettings + [.define("MODULE_IS_CRYPTO")]
         ),
         .target(
             name: "_CryptoExtras",

Package.swift

@@ -7,9 +7,9 @@ Swift Crypto is an open-source implementation of a substantial portion of the AP
 Swift Crypto is available as a Swift Package Manager package. To use it, add the following dependency in your `Package.swift`:
 
 ```swift
-// swift-crypto 1.x and 2.x are almost API compatible, so most clients should
-// allow either
-.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "3.0.0"),
+// swift-crypto 1.x, 2.x and 3.x are almost API compatible, so most clients
+// should allow any of them
+.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "4.0.0"),
 ```
 
 and to your target, add `Crypto` to your dependencies. You can then `import Crypto` to get access to Swift Crypto's functionality.

README.md

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>NSPrivacyTracking</key>
+    <false/>
+    <key>NSPrivacyAccessedAPITypes</key>
+    <array/>
+    <key>NSPrivacyCollectedDataTypes</key>
+    <array/>
+    <key>NSPrivacyTrackingDomains</key>
+    <array/>
+</dict>
+</plist>
+

Sources/CCryptoBoringSSL/PrivacyInfo.xcprivacy

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>NSPrivacyTracking</key>
+    <false/>
+    <key>NSPrivacyAccessedAPITypes</key>
+    <array/>
+    <key>NSPrivacyCollectedDataTypes</key>
+    <array/>
+    <key>NSPrivacyTrackingDomains</key>
+    <array/>
+</dict>
+</plist>
+

Sources/CCryptoBoringSSL/PrivacyInfo.xcprivacy

@@ -101,6 +101,8 @@ BIGNUM *CCryptoBoringSSLShims_BN_bin2bn(const void *in, size_t len, BIGNUM *ret)
 
 size_t CCryptoBoringSSLShims_BN_bn2bin(const BIGNUM *in, void *out);
 
+int CCryptoBoringSSLShims_BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
 int CCryptoBoringSSLShims_RSA_verify(int hash_nid, const void *msg, size_t msg_len,
                                      const void *sig, size_t sig_len, RSA *rsa);
 

Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h

@@ -118,6 +118,10 @@ size_t CCryptoBoringSSLShims_BN_bn2bin(const BIGNUM *in, void *out) {
     return CCryptoBoringSSL_BN_bn2bin(in, out);
 }
 
+int CCryptoBoringSSLShims_BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) {
+    return BN_mod(rem, a, m, ctx);
+}
+
 int CCryptoBoringSSLShims_RSA_verify(int hash_nid, const void *msg, size_t msg_len,
                                      const void *sig, size_t sig_len, RSA *rsa) {
     return CCryptoBoringSSL_RSA_verify(hash_nid, msg, msg_len, sig, sig_len, rsa);

Sources/CCryptoBoringSSLShims/PrivacyInfo.xcprivacy

@@ -86,11 +86,11 @@ add_library(Crypto
   "Signatures/ECDSA.swift"
   "Signatures/Ed25519.swift"
   "Signatures/Signature.swift"
-  "Util/BoringSSL/ArbitraryPrecisionInteger_boring.swift"
   "Util/BoringSSL/CryptoKitErrors_boring.swift"
-  "Util/BoringSSL/FiniteFieldArithmeticContext_boring.swift"
   "Util/BoringSSL/RNG_boring.swift"
   "Util/BoringSSL/SafeCompare_boring.swift"
+  "Util/BoringSSL/Shared/ArbitraryPrecisionInteger_boring.swift"
+  "Util/BoringSSL/Shared/FiniteFieldArithmeticContext_boring.swift"
   "Util/BoringSSL/Zeroization_boring.swift"
   "Util/PrettyBytes.swift"
   "Util/SafeCompare.swift"

Sources/CCryptoBoringSSLShims/PrivacyInfo.xcprivacy

@@ -19,44 +19,128 @@
 protocol HashFunctionImplementationDetails: HashFunction where Digest: DigestPrivate {}
 
 protocol BoringSSLBackedHashFunction: HashFunctionImplementationDetails {
-    static var digestType: DigestContext.DigestType { get }
+    associatedtype Context
+    static var digestSize: Int { get }
+    static func initialize() -> Context?
+    static func update(_ context: inout Context, data: UnsafeRawBufferPointer) -> Bool
+    static func finalize(_ context: inout Context, digest: UnsafeMutableRawBufferPointer) -> Bool
 }
 
 extension Insecure.MD5: BoringSSLBackedHashFunction {
-    static var digestType: DigestContext.DigestType {
-        .md5
+    static var digestSize: Int {
+        Int(MD5_DIGEST_LENGTH)
+    }
+
+    static func initialize() -> MD5_CTX? {
+        var context = MD5_CTX()
+        guard CCryptoBoringSSL_MD5_Init(&context) == 1 else {
+            return nil
+        }
+        return context
+    }
+
+    static func update(_ context: inout MD5_CTX, data: UnsafeRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_MD5_Update(&context, data.baseAddress, data.count) == 1
+    }
+
+    static func finalize(_ context: inout MD5_CTX, digest: UnsafeMutableRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_MD5_Final(digest.baseAddress, &context) == 1
     }
 }
 
 extension Insecure.SHA1: BoringSSLBackedHashFunction {
-    static var digestType: DigestContext.DigestType {
-        .sha1
+    static var digestSize: Int {
+        Int(SHA_DIGEST_LENGTH)
+    }
+
+    static func initialize() -> SHA_CTX? {
+        var context = SHA_CTX()
+        guard CCryptoBoringSSL_SHA1_Init(&context) == 1 else {
+            return nil
+        }
+        return context
+    }
+
+    static func update(_ context: inout SHA_CTX, data: UnsafeRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA1_Update(&context, data.baseAddress, data.count) == 1
+    }
+
+    static func finalize(_ context: inout SHA_CTX, digest: UnsafeMutableRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA1_Final(digest.baseAddress, &context) == 1
     }
 }
 
 extension SHA256: BoringSSLBackedHashFunction {
-    static var digestType: DigestContext.DigestType {
-        .sha256
+    static var digestSize: Int {
+        Int(SHA256_DIGEST_LENGTH)
+    }
+
+    static func initialize() -> SHA256_CTX? {
+        var context = SHA256_CTX()
+        guard CCryptoBoringSSL_SHA256_Init(&context) == 1 else {
+            return nil
+        }
+        return context
+    }
+
+    static func update(_ context: inout SHA256_CTX, data: UnsafeRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA256_Update(&context, data.baseAddress, data.count) == 1
+    }
+
+    static func finalize(_ context: inout SHA256_CTX, digest: UnsafeMutableRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA256_Final(digest.baseAddress, &context) == 1
     }
 }
 
 extension SHA384: BoringSSLBackedHashFunction {
-    static var digestType: DigestContext.DigestType {
-        .sha384
+    static var digestSize: Int {
+        Int(SHA384_DIGEST_LENGTH)
+    }
+
+    static func initialize() -> SHA512_CTX? {
+        var context = SHA512_CTX()
+        guard CCryptoBoringSSL_SHA384_Init(&context) == 1 else {
+            return nil
+        }
+        return context
+    }
+
+    static func update(_ context: inout SHA512_CTX, data: UnsafeRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA384_Update(&context, data.baseAddress, data.count) == 1
+    }
+
+    static func finalize(_ context: inout SHA512_CTX, digest: UnsafeMutableRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA384_Final(digest.baseAddress, &context) == 1
     }
 }
 
 extension SHA512: BoringSSLBackedHashFunction {
-    static var digestType: DigestContext.DigestType {
-        .sha512
+    static var digestSize: Int {
+        Int(SHA512_DIGEST_LENGTH)
+    }
+
+    static func initialize() -> SHA512_CTX? {
+        var context = SHA512_CTX()
+        guard CCryptoBoringSSL_SHA512_Init(&context) == 1 else {
+            return nil
+        }
+        return context
+    }
+
+    static func update(_ context: inout SHA512_CTX, data: UnsafeRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA512_Update(&context, data.baseAddress, data.count) == 1
+    }
+
+    static func finalize(_ context: inout SHA512_CTX, digest: UnsafeMutableRawBufferPointer) -> Bool {
+        CCryptoBoringSSL_SHA512_Final(digest.baseAddress, &context) == 1
     }
 }
 
 struct OpenSSLDigestImpl<H: BoringSSLBackedHashFunction> {
-    private var context: DigestContext
+    private var context: DigestContext<H>
 
     init() {
-        self.context = DigestContext(digest: H.digestType)
+        self.context = DigestContext()
     }
 
     internal mutating func update(data: UnsafeRawBufferPointer) {
@@ -67,81 +151,49 @@ struct OpenSSLDigestImpl<H: BoringSSLBackedHashFunction> {
     }
 
     internal func finalize() -> H.Digest {
-        // To have a non-destructive finalize operation we must allocate.
-        let copyContext = DigestContext(copying: self.context)
-        let digestBytes = copyContext.finalize()
-        return digestBytes.withUnsafeBytes {
-            // We force unwrap here because if the digest size is wrong it's an internal error.
-            H.Digest(bufferPointer: $0)!
-        }
+        self.context.finalize()
     }
 }
 
-class DigestContext {
-    private var contextPointer: UnsafeMutablePointer<EVP_MD_CTX>
+fileprivate final class DigestContext<H: BoringSSLBackedHashFunction> {
+    private var context: H.Context
 
-    init(digest: DigestType) {
-        // We force unwrap because we cannot recover from allocation failure.
-        self.contextPointer = CCryptoBoringSSL_EVP_MD_CTX_new()!
-        guard CCryptoBoringSSL_EVP_DigestInit(self.contextPointer, digest.dispatchTable) != 0 else {
-            // We can't do much but crash here.
-            fatalError("Unable to initialize digest state: \(CCryptoBoringSSL_ERR_get_error())")
+    init() {
+        guard let contex = H.initialize() else {
+            preconditionFailure("Unable to initialize digest state")
         }
+        self.context = contex
     }
 
     init(copying original: DigestContext) {
-        // We force unwrap because we cannot recover from allocation failure.
-        self.contextPointer = CCryptoBoringSSL_EVP_MD_CTX_new()!
-        guard CCryptoBoringSSL_EVP_MD_CTX_copy(self.contextPointer, original.contextPointer) != 0 else {
-            // We can't do much but crash here.
-            fatalError("Unable to copy digest state: \(CCryptoBoringSSL_ERR_get_error())")
-        }
+        self.context = original.context
     }
 
     func update(data: UnsafeRawBufferPointer) {
-        guard let baseAddress = data.baseAddress else {
-            return
+        guard H.update(&self.context, data: data) else {
+            preconditionFailure("Unable to update digest state")
         }
-
-        CCryptoBoringSSL_EVP_DigestUpdate(self.contextPointer, baseAddress, data.count)
     }
 
-    // This finalize function is _destructive_: do not call it if you want to reuse the object!
-    func finalize() -> [UInt8] {
-        let digestSize = CCryptoBoringSSL_EVP_MD_size(self.contextPointer.pointee.digest)
-        var digestBytes = Array(repeating: UInt8(0), count: digestSize)
-        var count = UInt32(digestSize)
-
-        digestBytes.withUnsafeMutableBufferPointer { digestPointer in
-            assert(digestPointer.count == count)
-            CCryptoBoringSSL_EVP_DigestFinal(self.contextPointer, digestPointer.baseAddress, &count)
+    func finalize() -> H.Digest {
+        var copyContext = self.context
+        defer {
+            withUnsafeMutablePointer(to: &copyContext) { $0.zeroize() }
+        }
+        return withUnsafeTemporaryAllocation(byteCount: H.digestSize, alignment: 1) { digestPointer in
+            defer {
+                digestPointer.zeroize()
+            }
+            guard H.finalize(&copyContext, digest: digestPointer) else {
+                preconditionFailure("Unable to finalize digest state")
+            }
+            // We force unwrap here because if the digest size is wrong it's an internal error.
+            return H.Digest(bufferPointer: UnsafeRawBufferPointer(digestPointer))!
         }
-
-        return digestBytes
     }
 
     deinit {
-        CCryptoBoringSSL_EVP_MD_CTX_free(self.contextPointer)
-    }
-}
-
-extension DigestContext {
-    struct DigestType {
-        var dispatchTable: OpaquePointer
-
-        private init(_ dispatchTable: OpaquePointer) {
-            self.dispatchTable = dispatchTable
-        }
-
-        static let md5 = DigestType(CCryptoBoringSSL_EVP_md5())
-
-        static let sha1 = DigestType(CCryptoBoringSSL_EVP_sha1())
-
-        static let sha256 = DigestType(CCryptoBoringSSL_EVP_sha256())
-
-        static let sha384 = DigestType(CCryptoBoringSSL_EVP_sha384())
-
-        static let sha512 = DigestType(CCryptoBoringSSL_EVP_sha512())
+        withUnsafeMutablePointer(to: &self.context) { $0.zeroize() }
     }
 }
 #endif // CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

Sources/CCryptoBoringSSLShims/include/CCryptoBoringSSLShims.h

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>NSPrivacyTracking</key>
+    <false/>
+    <key>NSPrivacyAccessedAPITypes</key>
+    <array/>
+    <key>NSPrivacyCollectedDataTypes</key>
+    <array/>
+    <key>NSPrivacyTrackingDomains</key>
+    <array/>
+</dict>
+</plist>
+