Update code to 2024 SDK release

This patch updates Crypto to the 2024 release version of CryptoKit.
As with prior years, there are small tweaks to the API surface that
cause this to manifest as a semver major. In this instance, the
relevant change is the removal of the long-deprecated setters for the
hash function block byte counts.

This is another change that meets the technical definition of a
semver major, but is practically extraordinarily unlikely to manifest
in an actual problem. Nonetheless, we do have to acknowledge the
reality that this can break compiling code (e.g. in cases where users
have defined protocols that rely on having a setter available, even
though they never call through it).

To that end, this pushes Crypto up to 4.0.

Author: Lukasa

README.md

@@ -130,10 +130,14 @@ SemVer and Swift Crypto's Public API guarantees should result in a working progr
 
 Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 series of releases.
 
+Swift Crypto 3.0.0 was released in September 2023. The only breaking change between Swift Crypto 3.0.0 and 2.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 _or_ 3.0.0 series of releases.
+
+Swift Crypto 4.0.0 was released in October 2024. The only breaking change was the removal of the non-functional setters for `blockByteSize` on the hash functions, which triggered a `fatalError` if they were ever called. For most users, then, it is safe to depend on the entire range from 1.0.0 to 4.0.0 inclusive.
+
 To do so, please use the following dependency in your `Package.swift`:
 
 ```swift
-.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "3.0.0"),
+.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "5.0.0"),
 ```
 
 ### Developing Swift Crypto on macOS

Sources/Crypto/AEADs/AES/GCM/AES-GCM.swift

@@ -14,14 +14,17 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
-#if !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if (!CRYPTO_IN_SWIFTPM_FORCE_BUILD_API) || CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
 typealias AESGCMImpl = CoreCryptoGCMImpl
-import Security
 #else
 typealias AESGCMImpl = OpenSSLAESGCMImpl
 #endif
 
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension AES {
     /// The Advanced Encryption Standard (AES) Galois Counter Mode (GCM) cipher

Sources/Crypto/AEADs/ChachaPoly/ChaChaPoly.swift

@@ -14,14 +14,18 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
-#if !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if (!CRYPTO_IN_SWIFTPM_FORCE_BUILD_API) || CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
 typealias ChaChaPolyImpl = CoreCryptoChaChaPolyImpl
-import Security
 #else
 typealias ChaChaPolyImpl = OpenSSLChaChaPolyImpl
 #endif
 
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
+
 
 /// An implementation of the ChaCha20-Poly1305 cipher.
 public enum ChaChaPoly: Cipher {

Sources/Crypto/AEADs/Cipher.swift

@@ -14,7 +14,13 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
+
 
 protocol AEADSealedBox {
     associatedtype Nonce: Sequence

Sources/Crypto/AEADs/Nonces.swift

@@ -14,11 +14,18 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 // MARK: - Generated file, do NOT edit
 // any edits of this file WILL be overwritten and thus discarded
 // see section `gyb` in `README` for details.
 
+
+
+
 // MARK: - AES.GCM + Nonce
 extension AES.GCM {
     /// A value used once during a cryptographic operation and then discarded.
@@ -47,8 +54,8 @@ extension AES.GCM {
         /// ``init()`` method to instead create a random nonce.
         ///
         /// - Parameters:
-        ///   - data: A 12-byte data representation of the nonce. The initializer throws an
-        /// error if the data has a length other than 12 bytes.
+///   - data: A data representation of the nonce.
+///     The initializer throws an error if the data has a length smaller than 12 bytes.
         public init<D: DataProtocol>(data: D) throws {
             if data.count < AES.GCM.defaultNonceByteCount {
                 throw CryptoKitError.incorrectParameterSize
@@ -109,8 +116,8 @@ extension ChaChaPoly {
         /// ``init()`` method to instead create a random nonce.
         ///
         /// - Parameters:
-        ///   - data: A 12-byte data representation of the nonce. The initializer throws an
-        /// error if the data has a length other than 12 bytes.
+///   - data: A 12-byte data representation of the nonce.
+///     The initializer throws an error if the data isn't 12 bytes long.
         public init<D: DataProtocol>(data: D) throws {
             if data.count != ChaChaPoly.nonceByteCount {
                 throw CryptoKitError.incorrectParameterSize

Sources/Crypto/AEADs/Nonces.swift.gyb

@@ -14,18 +14,31 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 // MARK: - Generated file, do NOT edit
 // any edits of this file WILL be overwritten and thus discarded
 // see section `gyb` in `README` for details.
+
 %{
-ciphers = [{"name": "AES.GCM", "recommendedNonceSize": "AES.GCM.defaultNonceByteCount", "nonceValidation": "< AES.GCM.defaultNonceByteCount"},{"name": "ChaChaPoly", "recommendedNonceSize": "ChaChaPoly.nonceByteCount", "nonceValidation": "!= ChaChaPoly.nonceByteCount"}]
+ciphers = [{"name": "AES.GCM", "recommendedNonceSize": "AES.GCM.defaultNonceByteCount", "nonceValidation": "< AES.GCM.defaultNonceByteCount", "dataDescription": "///   - data: A data representation of the nonce.\n///     The initializer throws an error if the data has a length smaller than 12 bytes."}]
+
+if "NO_CHACHAPOLY" in globals():
+    pass
+else:
+    ciphers.append({"name": "ChaChaPoly", "recommendedNonceSize": "ChaChaPoly.nonceByteCount", "nonceValidation": "!= ChaChaPoly.nonceByteCount", "dataDescription": "///   - data: A 12-byte data representation of the nonce.\n///     The initializer throws an error if the data isn't 12 bytes long."})
 }%
+
+
 % for cipher in ciphers:
 %{
 name = cipher["name"]
 nonceSize = cipher["recommendedNonceSize"]
 nonceValidation = cipher["nonceValidation"]
+dataDescription = cipher["dataDescription"]
 }%
 
 // MARK: - ${name} + Nonce
@@ -56,8 +69,7 @@ extension ${name} {
         /// ``init()`` method to instead create a random nonce.
         ///
         /// - Parameters:
-        ///   - data: A 12-byte data representation of the nonce. The initializer throws an
-        /// error if the data has a length other than 12 bytes.
+${dataDescription}
         public init<D: DataProtocol>(data: D) throws {
             if data.count ${nonceValidation} {
                 throw CryptoKitError.incorrectParameterSize

Sources/Crypto/ASN1/ASN1.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 // This module implements "just enough" ASN.1. Specifically, we implement exactly enough ASN.1 DER parsing to handle
 // the following use-cases:

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Any.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An ASN1 ANY represents...well, anything.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1BitString.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// A bitstring is a representation of...well...some bits.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Boolean.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension Bool: ASN1ImplicitlyTaggable {
     static var defaultIdentifier: ASN1.ASN1Identifier {

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Identifier.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An `ASN1Identifier` is a representation of the abstract notion of an ASN.1 identifier. Identifiers have a number of properties that relate to both the specific

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Integer.swift

@@ -14,10 +14,15 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
-/// A protocol that represents any internal object that can present itself as an INTEGER, or be parsed from
-/// an INTEGER.
+/// A protocol that represents any internal object that can present itself as a INTEGER, or be parsed from
+/// a INTEGER.
 ///
 /// This is not a very good solution for a fully-fledged ASN.1 library: we'd rather have a better numerics
 /// protocol that could both initialize from and serialize to either bytes or words. However, no such

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Null.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An ASN1 NULL represents nothing.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1OctetString.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An octet string is a representation of a string of octets.

Sources/Crypto/ASN1/Basic ASN1 Types/ASN1Strings.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// A UTF8String is roughly what it sounds like. We note that all the string types are encoded as implicitly tagged

Sources/Crypto/ASN1/Basic ASN1 Types/ArraySliceBigint.swift

@@ -15,6 +15,12 @@
 @_exported import CryptoKit
 #else
 
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
+import Foundation
+#endif
+
 // For temporary purposes we pretend that ArraySlice is our "bigint" type. We don't really need anything else.
 extension ArraySlice: ASN1Serializable where Element == UInt8 { }
 

Sources/Crypto/ASN1/Basic ASN1 Types/GeneralizedTime.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     struct GeneralizedTime: ASN1ImplicitlyTaggable, Hashable {

Sources/Crypto/ASN1/Basic ASN1 Types/ObjectIdentifier.swift

@@ -14,7 +14,12 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An Object Identifier is a representation of some kind of object: really any kind of object.

Sources/Crypto/ASN1/ECDSASignature.swift

@@ -12,9 +12,18 @@
 //
 //===----------------------------------------------------------------------===//
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if CRYPTOKIT_STATIC_LIBRARY
+@_exported import CryptoKit_Static
+#else
 @_exported import CryptoKit
+#endif
+#else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
 #else
 import Foundation
+#endif
 
 extension ASN1 {
     /// An ECDSA signature is laid out as follows:

Sources/Crypto/ASN1/PEMDocument.swift

@@ -12,9 +12,18 @@
 //
 //===----------------------------------------------------------------------===//
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if CRYPTOKIT_STATIC_LIBRARY
+@_exported import CryptoKit_Static
+#else
 @_exported import CryptoKit
+#endif
+#else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
 #else
 import Foundation
+#endif
 
 extension ASN1 {
     /// A PEM document is some data, and a discriminator type that is used to advertise the content.

Sources/Crypto/ASN1/PKCS8PrivateKey.swift

@@ -14,7 +14,11 @@
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
 @_exported import CryptoKit
 #else
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
+#else
 import Foundation
+#endif
 
 extension ASN1 {
     // A PKCS#8 private key is one of two formats, depending on the version:

Sources/Crypto/ASN1/SEC1PrivateKey.swift

@@ -12,9 +12,18 @@
 //
 //===----------------------------------------------------------------------===//
 #if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#if CRYPTOKIT_STATIC_LIBRARY
+@_exported import CryptoKit_Static
+#else
 @_exported import CryptoKit
+#endif
+#else
+
+#if CRYPTOKIT_NO_ACCESS_TO_FOUNDATION
+import SwiftSystem
 #else
 import Foundation
+#endif
 
 extension ASN1 {
     // For private keys, SEC 1 uses: