Update code to 2024 SDK release

README.md

@@ -130,10 +130,14 @@ SemVer and Swift Crypto's Public API guarantees should result in a working progr
 
 Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 series of releases.
 
+Swift Crypto 3.0.0 was released in September 2023. The only breaking change between Swift Crypto 3.0.0 and 2.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 _or_ 3.0.0 series of releases.
+
+Swift Crypto 4.0.0 was released in October 2024. The only breaking change was the removal of the non-functional setters for `blockByteSize` on the hash functions, which triggered a `fatalError` if they were ever called. For most users, then, it is safe to depend on the entire range from 1.0.0 to 4.0.0 inclusive.
+
 To do so, please use the following dependency in your `Package.swift`:
 
 ```swift
-.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "3.0.0"),
+.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "5.0.0"),
 ```
 
 ### Developing Swift Crypto on macOS

Sources/Crypto/AEADs/AES/GCM/AES-GCM.swift

@@ -14,14 +14,17 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
-#if !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if (!CRYPTO_IN_SWIFTPM_FORCE_BUILD_API) || CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
 typealias AESGCMImpl = CoreCryptoGCMImpl
-import Security
 #else
 typealias AESGCMImpl = OpenSSLAESGCMImpl
 #endif
 
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension AES {
     /// The Advanced Encryption Standard (AES) Galois Counter Mode (GCM) cipher

Sources/Crypto/AEADs/ChachaPoly/ChaChaPoly.swift

@@ -14,14 +14,18 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
-#if !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if (!CRYPTO_IN_SWIFTPM_FORCE_BUILD_API) || CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
 typealias ChaChaPolyImpl = CoreCryptoChaChaPolyImpl
-import Security
 #else
 typealias ChaChaPolyImpl = OpenSSLChaChaPolyImpl
 #endif
 
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
+
 
 /// An implementation of the ChaCha20-Poly1305 cipher.
 public enum ChaChaPoly: Cipher {

Sources/Crypto/AEADs/Cipher.swift

@@ -14,7 +14,13 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
+
 
 protocol AEADSealedBox {
     associatedtype Nonce: Sequence

Sources/Crypto/AEADs/Nonces.swift

@@ -14,11 +14,18 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 // MARK: - Generated file, do NOT edit
 // any edits of this file WILL be overwritten and thus discarded
 // see section `gyb` in `README` for details.
 
+
+
+
 // MARK: - AES.GCM + Nonce
 extension AES.GCM {
     /// A value used once during a cryptographic operation and then discarded.
@@ -47,8 +54,8 @@ extension AES.GCM {
         /// ``init()`` method to instead create a random nonce.
         ///
         /// - Parameters:
-        ///   - data: A 12-byte data representation of the nonce. The initializer throws an
-        /// error if the data has a length other than 12 bytes.
+///   - data: A data representation of the nonce.
+///     The initializer throws an error if the data has a length smaller than 12 bytes.
         public init<D: DataProtocol>(data: D) throws {
             if data.count < AES.GCM.defaultNonceByteCount {
                 throw CryptoKitError.incorrectParameterSize
@@ -109,8 +116,8 @@ extension ChaChaPoly {
         /// ``init()`` method to instead create a random nonce.
         ///
         /// - Parameters:
-        ///   - data: A 12-byte data representation of the nonce. The initializer throws an
-        /// error if the data has a length other than 12 bytes.
+///   - data: A 12-byte data representation of the nonce.
+///     The initializer throws an error if the data isn't 12 bytes long.
         public init<D: DataProtocol>(data: D) throws {
             if data.count != ChaChaPoly.nonceByteCount {
                 throw CryptoKitError.incorrectParameterSize

Sources/Crypto/AEADs/Nonces.swift.gyb

@@ -14,18 +14,31 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 // MARK: - Generated file, do NOT edit
 // any edits of this file WILL be overwritten and thus discarded
 // see section `gyb` in `README` for details.
+
 %{
-ciphers = [{"name": "AES.GCM", "recommendedNonceSize": "AES.GCM.defaultNonceByteCount", "nonceValidation": "< AES.GCM.defaultNonceByteCount"},{"name": "ChaChaPoly", "recommendedNonceSize": "ChaChaPoly.nonceByteCount", "nonceValidation": "!= ChaChaPoly.nonceByteCount"}]
+ciphers = [{"name": "AES.GCM", "recommendedNonceSize": "AES.GCM.defaultNonceByteCount", "nonceValidation": "< AES.GCM.defaultNonceByteCount", "dataDescription": "///   - data: A data representation of the nonce.\n///     The initializer throws an error if the data has a length smaller than 12 bytes."}]
+
+if "NO_CHACHAPOLY" in globals():
+    pass
+else:
+    ciphers.append({"name": "ChaChaPoly", "recommendedNonceSize": "ChaChaPoly.nonceByteCount", "nonceValidation": "!= ChaChaPoly.nonceByteCount", "dataDescription": "///   - data: A 12-byte data representation of the nonce.\n///     The initializer throws an error if the data isn't 12 bytes long."})
 }%
+
+
 % for cipher in ciphers:
 %{
 name = cipher["name"]
 nonceSize = cipher["recommendedNonceSize"]
 nonceValidation = cipher["nonceValidation"]
+dataDescription = cipher["dataDescription"]
 }%
 
 // MARK: - ${name} + Nonce
@@ -56,8 +69,7 @@ extension ${name} {
         /// ``init()`` method to instead create a random nonce.
         ///
         /// - Parameters:
-        ///   - data: A 12-byte data representation of the nonce. The initializer throws an
-        /// error if the data has a length other than 12 bytes.
+${dataDescription}
         public init<D: DataProtocol>(data: D) throws {
             if data.count ${nonceValidation} {
                 throw CryptoKitError.incorrectParameterSize

Sources/Crypto/ASN1/ASN1.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 // This module implements "just enough" ASN.1. Specifically, we implement exactly enough ASN.1 DER parsing to handle
 // the following use-cases:

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Any.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An ASN1 ANY represents...well, anything.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1BitString.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// A bitstring is a representation of...well...some bits.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Boolean.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension Bool: ASN1ImplicitlyTaggable {
     static var defaultIdentifier: ASN1.ASN1Identifier {

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Identifier.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An `ASN1Identifier` is a representation of the abstract notion of an ASN.1 identifier. Identifiers have a number of properties that relate to both the specific

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Integer.swift

@@ -14,10 +14,15 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
-/// A protocol that represents any internal object that can present itself as an INTEGER, or be parsed from
-/// an INTEGER.
+/// A protocol that represents any internal object that can present itself as a INTEGER, or be parsed from
+/// a INTEGER.
 ///
 /// This is not a very good solution for a fully-fledged ASN.1 library: we'd rather have a better numerics
 /// protocol that could both initialize from and serialize to either bytes or words. However, no such

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Null.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An ASN1 NULL represents nothing.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1OctetString.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An octet string is a representation of a string of octets.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Strings.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// A UTF8String is roughly what it sounds like. We note that all the string types are encoded as implicitly tagged

Sources/Crypto/ASN1/Basic ASN1 Types/ArraySliceBigint.swift

@@ -15,6 +15,12 @@
 @_exported import CryptoKit
 #else
 
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
+import Foundation
+#endif
+
 // For temporary purposes we pretend that ArraySlice is our "bigint" type. We don't really need anything else.
 extension ArraySlice: ASN1Serializable where Element == UInt8 { }
 

Sources/Crypto/ASN1/Basic ASN1 Types/GeneralizedTime.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     struct GeneralizedTime: ASN1ImplicitlyTaggable, Hashable {

Sources/Crypto/ASN1/Basic ASN1 Types/ObjectIdentifier.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An Object Identifier is a representation of some kind of object: really any kind of object.

Sources/Crypto/ASN1/ECDSASignature.swift

@@ -12,9 +12,18 @@
 //
 //===----------------------------------------------------------------------===//
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if CRYPTOKIT_STATIC_LIBRARY
+@_exported import CryptoKit_Static
+#else
 @_exported import CryptoKit
+#endif
+#else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
 #else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An ECDSA signature is laid out as follows:

Sources/Crypto/ASN1/PEMDocument.swift

@@ -12,9 +12,18 @@
 //
 //===----------------------------------------------------------------------===//
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if CRYPTOKIT_STATIC_LIBRARY
+@_exported import CryptoKit_Static
+#else
 @_exported import CryptoKit
+#endif
+#else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
 #else
 import Foundation
+#endif
 
 extension ASN1 {
     /// A PEM document is some data, and a discriminator type that is used to advertise the content.

Sources/Crypto/ASN1/PKCS8PrivateKey.swift

@@ -14,7 +14,11 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     // A PKCS#8 private key is one of two formats, depending on the version:

Sources/Crypto/ASN1/SEC1PrivateKey.swift

@@ -12,9 +12,18 @@
 //
 //===----------------------------------------------------------------------===//
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if CRYPTOKIT_STATIC_LIBRARY
+@_exported import CryptoKit_Static
+#else
 @_exported import CryptoKit
+#endif
+#else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
 #else
 import Foundation
+#endif
 
 extension ASN1 {
     // For private keys, SEC 1 uses: