apple/swift-crypto apple/swift-crypto

  • Stars
    star
    1,400
  • Rank 32,246 (Top 0.7 %)
  • Language
    C
  • License
    Apache License 2.0
  • Created almost 5 years ago
  • Updated 25 days ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
apple/swift-crypto
github

apple

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Open-source implementation of a substantial portion of the API of Apple CryptoKit suitable for use on Linux platforms.

Swift Crypto

Swift Crypto is an open-source implementation of a substantial portion of the API of Apple CryptoKit suitable for use on Linux platforms. It enables cross-platform or server applications with the advantages of CryptoKit.

Using Swift Crypto

Swift Crypto is available as a Swift Package Manager package. To use it, add the following dependency in your Package.swift:

// swift-crypto 1.x and 2.x are almost API compatible, so most clients should
// allow either
.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "3.0.0"),

and to your target, add Crypto to your dependencies. You can then import Crypto to get access to Swift Crypto's functionality.

Functionality

Swift Crypto exposes the portions of the CryptoKit API that do not rely on specialised hardware to any Swift application. It provides safe APIs that abstract over the complexity of many cryptographic primitives that need to be used in modern applications. These APIs encourage safe usages of the underlying primitives, follow cryptographic best practices, and should be the first choice for building applications that need to use cryptography.

The current features of Swift Crypto cover key exchange, key derivation, encryption and decryption, hashing, message authentication, and more.

For specific API documentation, please see our documentation.

Implementation

Swift Crypto compiles in two distinct modes depending on the platform for which it is being built.

When building Swift Crypto for use on an Apple platform where CryptoKit is already available, Swift Crypto compiles its entire API surface down to nothing and simply re-exports the API of CryptoKit. This means that when using Apple platforms Swift Crypto simply delegates all work to the core implementation of CryptoKit, as though Swift Crypto was not even there.

When building Swift Crypto for use on Linux, Swift Crypto builds substantially more code. In particular, we build:

  1. A vendored copy of BoringSSL's libcrypto.
  2. The common API of Swift Crypto and CryptoKit.
  3. The backing implementation of this common API, which calls into BoringSSL.

The API code, and some cryptographic primitives which are directly implemented in Swift, are exactly the same for both Apple CryptoKit and Swift Crypto. The backing BoringSSL-based implementation is unique to Swift Crypto.

Evolution

The vast majority of the Swift Crypto code is intended to remain in lockstep with the current version of Apple CryptoKit. For this reason, patches that extend the API of Swift Crypto will be evaluated cautiously. For any such extension there are two possible outcomes for adding the API.

Firstly, if the API is judged to be generally valuable and suitable for contribution to Apple CryptoKit, the API will be merged into a Staging namespace in Swift Crypto. This Staging namespace is a temporary home for any API that is expected to become available in Apple CryptoKit but that is not available today. This enables users to use the API soon after merging. When the API is generally available in CryptoKit the API will be deprecated in the Staging namespace and made available in the main Swift Crypto namespace.

Secondly, if the API is judged not to meet the criteria for acceptance in general CryptoKit but is sufficiently important to have available for server use-cases, it will be merged into a Server namespace. APIs are not expected to leave this namespace, as it indicates that they are not generally available but can only be accessed when using Swift Crypto.

Note that Swift Crypto does not intend to support all possible cryptographic primitives. Swift Crypto will focus on safe, modern cryptographic primitives that are broadly useful and that do not easily lend themselves to misuse. This means that some cryptographic algorithms may never be supported: for example, 3DES is highly unlikely to ever be supported by Swift Crypto due to the difficulty of safely deploying it and its legacy status. Please be aware when proposing the addition of new primitives to Swift Crypto that the proposal may be refused for this reason.

Code Organisation

Files in this repository are divided into two groups, based on whether they have a name that ends in _boring or are in a BoringSSL directory, or if they are not.

Files that meet the above criteria are specific to the Swift Crypto implementation. Changes to these files can be made fairly easily, so long as they meet the criteria below. If your file needs to import CCryptoBoringSSL or access a BoringSSL API, it needs to be marked this way.

Files that do not have the _boring suffix are part of the public API of CryptoKit. Changing these requires passing a higher bar, as any change in these files must be accompanied by a change in CryptoKit itself.

Contributing

Before contributing please read CONTRIBUTING.md, also make sure to read the two following sections.

Contributing new primitives

To contribute a new cryptographic primitive to Swift Crypto, you should address the following questions:

  1. What is the new primitive for?
  2. How widely is it deployed?
  3. Is it specified in any public specifications or used by any such specification?
  4. How easy is it to misuse?
  5. In what way does Swift Crypto fail to satisfy that use-case today?

In addition, new primitive implementations will only be accepted in cases where the implementation is thoroughly tested, including being tested with all currently available test vectors. If the Wycheproof project provides vectors for the algorithm those should be tested as well. It must be possible to ensure that we can appropriately regression test our implementations.

Contributing bug fixes

If you discover a bug with Swift Crypto, please report it via GitHub.

If you are interested in fixing a bug, feel free to open a pull request. Please also submit regression tests with bug fixes to ensure that they are not regressed in future.

If you have issues with CryptoKit, instead of Swift Crypto, please use Feedback Assistant to file those issues as you normally would.

Get started contributing

gyb

Some of the files in this project are autogenerated (metaprogramming) using the Swift Utils tools called gyb ("generate your boilerplate"). gyb is included in ./scripts/gyb.

gyb will generate some Foobar.swift Swift file from some Foobar.swift.gyb template file. You should not edit Foobar.swift directly, since all manual edits in that generated file will be overwritten the next time gyb is run.

You run gyb for a single file like so:

./scripts/gyb --line-directive "" Sources/Foobar.swift.gyb -o Sources/Foobar.swift

More conveniently you can run the bash script ./scripts/generate_boilerplate_files_with_gyb.sh to generate all Swift files from their corresponding gyb template.

If you add a new .gyb file, you should append a // MARK: - Generated file, do NOT edit warning inside it, e.g.

// MARK: - Generated file, do NOT edit
// any edits of this file WILL be overwritten and thus discarded
// see section `gyb` in `README` for details.

Security

If you believe you have identified a vulnerability in Swift Crypto, please report that vulnerability to Apple through the usual channel.

Swift versions

The most recent versions of Swift Crypto support Swift 5.6 and newer. The minimum Swift version supported by Swift Crypto releases are detailed below:

Swift Crypto Minimum Swift Version
2.0.0 ..< 2.1.0 5.2
2.1.0 ..< 2.2.0 5.4
2.2.0 ..< 2.4.2 5.5
2.4.2 ... 5.6

Compatibility

Swift Crypto follows SemVer 2.0.0. Our public API is the same as that of CryptoKit (except where we lack an implementation entirely), as well as everything in the Server and Staging namespaces. Any symbol beginning with an underscore, and any product beginning with an underscore, is not subject to semantic versioning: these APIs may change without warning. We do not maintain a stable ABI, as Swift Crypto is a source-only distribution.

What this means for you is that you should depend on Swift Crypto with a version range that covers everything from the minimum Swift Crypto version you require up to the next major version. In SwiftPM that can be easily done specifying for example from: "1.0.0" meaning that you support Swift Crypto in every version starting from 1.0.0 up to (excluding) 2.0.0. SemVer and Swift Crypto's Public API guarantees should result in a working program without having to worry about testing every single version for compatibility.

Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the CryptoKitError enumeration. For most users, then, it's safe to depend on either the 1.0.0 or 2.0.0 series of releases.

To do so, please use the following dependency in your Package.swift:

.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "3.0.0"),

Developing Swift Crypto on macOS

Swift Crypto normally defers to the OS implementation of CryptoKit on macOS. Naturally, this makes developing Swift Crypto on macOS tricky. To get Swift Crypto to build the open source implementation on macOS, in Package.swift, uncomment the line that reads: //.define("CRYPTO_IN_SWIFTPM_FORCE_BUILD_API"), as this will force Swift Crypto to build its public API.

More Repositories

1

swift

The Swift Programming Language
C++
65,899
star
2

ml-stable-diffusion

Stable Diffusion with Core ML on Apple Silicon
Python
16,002
star
3

swift-evolution

This maintains proposals for changes and user-visible enhancements to the Swift Programming Language.
Markdown
15,013
star
4

foundationdb

FoundationDB - the open source, distributed, transactional key-value store
C++
13,947
star
5

turicreate

Turi Create simplifies the development of custom machine learning models.
C++
11,153
star
6

darwin-xnu

The Darwin Kernel (mirror). This repository is a pure mirror and contributions are currently not accepted via pull-requests, please submit your contributions via https://developer.apple.com/bug-reporting/
C
10,558
star
7

swift-package-manager

The Package Manager for the Swift Programming Language
Swift
9,592
star
8

ml-ferret

Python
7,576
star
9

swift-nio

Event-driven network application framework for high performance protocol servers & clients, non-blocking.
Swift
7,274
star
10

swift-algorithms

Commonly used sequence and collection algorithms for Swift
Swift
5,622
star
11

swift-corelibs-foundation

The Foundation Project, providing core utilities, internationalization, and OS independence
Swift
5,189
star
12

swift-protobuf

Plugin and runtime library for using protobuf with Swift
Swift
4,446
star
13

password-manager-resources

A place for creators and users of password managers to collaborate on resources to make password management better.
JavaScript
4,010
star
14

coremltools

Core ML tools contain supporting tools for Core ML model conversion, editing, and validation.
Python
3,974
star
15

ml-mgie

Python
3,682
star
16

tensorflow_macos

TensorFlow for macOS 11.0+ accelerated using Apple's ML Compute framework.
Shell
3,643
star
17

swift-collections

Commonly used data structures for Swift
Swift
3,434
star
18

pkl

A configuration as code language with rich validation and tooling.
Java
3,360
star
19

swift-argument-parser

Straightforward, type-safe argument parsing for Swift
Swift
3,163
star
20

sourcekit-lsp

Language Server Protocol implementation for Swift and C-based languages
Swift
3,110
star
21

swift-log

A Logging API for Swift
Swift
2,931
star
22

swift-syntax

A set of Swift libraries for parsing, inspecting, generating, and transforming Swift source code.
Swift
2,887
star
23

swift-async-algorithms

Async Algorithms for Swift
Swift
2,695
star
24

swift-markdown

A Swift package for parsing, building, editing, and analyzing Markdown documents.
Swift
2,586
star
25

HomeKitADK

C
2,456
star
26

ml-ane-transformers

Reference implementation of the Transformer architecture optimized for Apple Neural Engine (ANE)
Python
2,431
star
27

swift-corelibs-libdispatch

The libdispatch Project, (a.k.a. Grand Central Dispatch), for concurrency on multicore hardware
C
2,420
star
28

swift-format

Formatting technology for Swift source code
Swift
2,261
star
29

homebrew-apple

Ruby
2,227
star
30

swift-foundation

The Foundation project
Swift
2,088
star
31

cups

Apple CUPS Sources
C
1,828
star
32

sample-food-truck

SwiftUI sample code from WWDC22
Swift
1,695
star
33

ml-fastvit

This repository contains the official implementation of the research paper, "FastViT: A Fast Hybrid Vision Transformer using Structural Reparameterization" ICCV 2023
Python
1,693
star
34

ml-cvnets

CVNets: A library for training computer vision networks
Python
1,664
star
35

swift-book

The Swift Programming Language book
Markdown
1,616
star
36

swift-numerics

Advanced mathematical types and functions for Swift
Swift
1,602
star
37

ml-hypersim

Hypersim: A Photorealistic Synthetic Dataset for Holistic Indoor Scene Understanding
Python
1,495
star
38

swift-docker

Docker Official Image packaging for Swift
Dockerfile
1,331
star
39

ml-neuman

Official repository of NeuMan: Neural Human Radiance Field from a Single Video (ECCV 2022)
Python
1,233
star
40

swift-openapi-generator

Generate Swift client and server code from an OpenAPI document.
Swift
1,142
star
41

swift-system

Low-level system calls and types for Swift
Swift
1,137
star
42

swift-corelibs-xctest

The XCTest Project, A Swift core library for providing unit test support
Swift
1,120
star
43

swift-docc

Documentation compiler that produces rich API reference documentation and interactive tutorials for your Swift framework or package.
Swift
1,093
star
44

swift-llbuild

A low-level build system, used by Xcode and the Swift Package Manager
C++
1,067
star
45

swift-atomics

Low-level atomic operations for Swift
Swift
1,004
star
46

swift-testing

Swift
981
star
47

servicetalk

A networking framework that evolves with your application
Java
881
star
48

swift-http-types

Version-independent HTTP currency types for Swift
Swift
815
star
49

swift-llvm

LLVM
815
star
50

swift-driver

Swift compiler driver reimplementation in Swift
Swift
764
star
51

swift-protobuf-plugin

Moved to apple/swift-protobuf
757
star
52

swift-lldb

This is the version of LLDB that supports the Swift programming language & REPL.
C++
673
star
53

swift-clang

C++
673
star
54

unityplugins

C#
645
star
55

ml-mobileone

This repository contains the official implementation of the research paper, "An Improved One millisecond Mobile Backbone".
Swift
641
star
56

ml-gaudi

602
star
57

ml-aim

This repository provides the code and model checkpoints of the research paper: Scalable Pre-training of Large Autoregressive Image Models
Python
602
star
58

swift-metrics

Metrics API for Swift
Swift
602
star
59

axlearn

Python
564
star
60

swift-distributed-actors

Peer-to-peer cluster implementation for Swift Distributed Actors
Swift
562
star
61

ARKitScenes

This repo accompanies the research paper, ARKitScenes - A Diverse Real-World Dataset for 3D Indoor Scene Understanding Using Mobile RGB-D Data and contains the data, scripts to visualize and process assets, and training code described in our paper.
Python
552
star
62

sample-backyard-birds

Swift
506
star
63

device-management

Device management schema data for MDM.
506
star
64

ccs-calendarserver

The Calendar and Contacts Server.
Python
470
star
65

ml-facelit

Official repository of FaceLit: Neural 3D Relightable Faces (CVPR 2023)
Python
457
star
66

swift-3-api-guidelines-review

Swift
452
star
67

swift-org-website

Swift.org website
SCSS
438
star
68

GCGC

Jupyter Notebook
436
star
69

swift-nio-http2

HTTP/2 support for SwiftNIO
Swift
405
star
70

swift-tools-support-core

Contains common infrastructural code for both SwiftPM and llbuild.
Swift
390
star
71

swift-nio-ssh

SwiftNIO SSH is a programmatic implementation of SSH using SwiftNIO
Swift
364
star
72

swift-nio-ssl

TLS Support for SwiftNIO, based on BoringSSL.
C
345
star
73

ml-gmpi

Official PyTorch implementation of GMPI (ECCV 2022, Oral Presentation)
Python
329
star
74

example-package-dealer

Example package for use with the Swift Package Manager
Swift
319
star
75

swift-collections-benchmark

A benchmarking tool for Swift Collection algorithms
Swift
316
star
76

example-package-playingcard

Example package for use with the Swift Package Manager
Swift
308
star
77

swift-docc-render

Web renderer for Swift-DocC documentation.
JavaScript
300
star
78

indexstore-db

Index database library for use with sourcekit-lsp
C++
299
star
79

swift-playdate-examples

A technical demonstration of Embedded Swift running on Playdate by Panic
Swift
295
star
80

swift-docc-plugin

Swift Package Manager command plugin for Swift-DocC
Swift
295
star
81

ml-hierarchical-confusion-matrix

Neo: Hierarchical Confusion Matrix Visualization (CHI 2022)
TypeScript
292
star
82

ml-gsn

Python
284
star
83

swift-llbuild2

A fresh take on a low-level build system API.
Swift
280
star
84

swift-source-compat-suite

The infrastructure and project index comprising the Swift source compatibility suite.
Python
278
star
85

sample-cloudkit-sharing

Swift
275
star
86

swift-xcode-playground-support

Logging and communication to allow Swift toolchains to communicate with Xcode.
Swift
270
star
87

swift-experimental-string-processing

An early experimental general-purpose pattern matching engine for Swift.
Swift
263
star
88

ml-sigma-reparam

Python
255
star
89

swift-standard-library-preview

Swift
253
star
90

swift-nio-transport-services

Extensions for SwiftNIO to support Apple platforms as first-class citizens.
Swift
252
star
91

swift-stress-tester

Stress testing utilities for Swift's tooling
Swift
207
star
92

swift-service-discovery

A service discovery API for Swift.
Swift
203
star
93

swift-certificates

An implementation of X.509 for Swift
Swift
195
star
94

swift-nio-examples

examples of how to use swift-nio
Swift
195
star
95

swift-cluster-membership

Distributed Membership Protocol implementations in Swift
Swift
191
star
96

swift-aoc-starter-example

Swift starter project for solving Advent of Code challenges.
Swift
189
star
97

sample-cloudkit-coredatasync

Swift
187
star
98

swift-distributed-tracing

Instrumentation library for Swift server applications
Swift
186
star
99

pfl-research

Simulation framework for accelerating research in Private Federated Learning
Python
186
star
100

swift-internals

HTML
182
star