Bring over the WWDC 2023 CryptoKit API #181
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Lukasa
added
the
⚠️ needs-major-version-bump
FranzBusch
reviewed
Jun 6, 2023
Comment on lines
+23
to
+31
| /// An Advanced Encryption Standard cipher in Galois/Counter Mode with a key length of 128 bits. | ||
| case AES_GCM_128 | ||
| /// An Advanced Encryption Standard cipher in Galois/Counter Mode with a key length of 256 bits. | ||
| case AES_GCM_256 | ||
| /// A ChaCha20 stream cipher with the Poly1305 message authentication code. | ||
| case chaChaPoly | ||
| /// An export-only mode. | ||
| /// | ||
| /// In export-only mode, HPKE negotiates key derivation, but you can't use it to encrypt or decrypt data. |
There was a problem hiding this comment.
The doc comments are wrongly indented here
Comment on lines
+84
to
+86
| case .chaChaPoly: | ||
| return try ChaChaPoly.seal(message, using: key, nonce: ChaChaPoly.Nonce(data: nonce), authenticating: aad).combined.suffix(from: nonce.count) | ||
| default: |
There was a problem hiding this comment.
Should we use a default here or exhaustively switch to cover new cases added in the future?
|
|
||
|
|
||
| extension HPKE { | ||
| /// Cipher suites to use in hybrid public key encryption. |
There was a problem hiding this comment.
Suggested change
| /// Cipher suites to use in hybrid public key encryption. | |
| /// Cipher suites to use in hybrid public key encryption. |
| /// mechanism (KEM) for sharing the symmetric key. The sender and recipient of encrypted messages need to use the | ||
| /// same cipher suite. | ||
| public struct Ciphersuite { | ||
| /// A cipher suite for HPKE that uses NIST P-256 elliptic curve key agreement, SHA-2 key derivation |
There was a problem hiding this comment.
Suggested change
| /// A cipher suite for HPKE that uses NIST P-256 elliptic curve key agreement, SHA-2 key derivation | |
| /// A cipher suite for HPKE that uses NIST P-256 elliptic curve key agreement, SHA-2 key derivation |
|
|
||
| fileprivate static let ciphersuiteLabel = Data("HPKE".utf8) | ||
|
|
||
| /// The key encapsulation mechanism (KEM) for encapsulating the symmetric key. |
There was a problem hiding this comment.
Suggested change
| /// The key encapsulation mechanism (KEM) for encapsulating the symmetric key. | |
| /// The key encapsulation mechanism (KEM) for encapsulating the symmetric key. |
| #else | ||
| import Foundation | ||
|
|
||
| internal func I2OSP(value: Int, outputByteCount: Int) -> Data { |
| let key: DHPK | ||
|
|
||
| init(_ publicKey: DHPK, kem: HPKE.KEM) throws { | ||
| // TODO: Validate Ciphersuite Mismatches |
Comment on lines
+73
to
+77
| return Crypto.KEM.EncapsulationResult(sharedSecret: HPKE.KexUtils.ExtractAndExpand(dh: dh, | ||
| enc: enc, | ||
| pkRm: selfRepresentation, | ||
| kem: kem, | ||
| kdf: kem.kdf), encapsulated: enc) |
|
|
||
| /// A type that ``HPKE`` uses to encode the public key. | ||
| public protocol HPKEPublicKeySerialization { | ||
| /// Creates a public key from an encoded representation. |
There was a problem hiding this comment.
Comments here are also wrongly indented
| let key: DHSK | ||
|
|
||
| init(_ privateKey: DHSK, kem: HPKE.KEM) throws { | ||
| // TODO: Validate Ciphersuite Mismatches |
|
@FranzBusch Will it be acceptable for you if I apply those proposals in a new PR? |
Totally fine by me! |
Motivation WWDC has arrived! 🎉 As part of the celebration, let's bring Crypto up to speed with the new CryptoKit API surface. Modifications Substantial new docstrings HPKE support Result WWDC 2023 support.
FranzBusch
approved these changes
Jun 13, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
WWDC has arrived! 🎉 As part of the celebration, let's bring Crypto up to speed with the new CryptoKit API surface.
Modifications
Substantial new docstrings
HPKE support
Result
WWDC 2023 support.