Swift cross-platform crypto library using CommonCrypto/libcrypto

Overview

BlueCryptor

Swift cross-platform crypto library derived from IDZSwiftCommonCrypto.

IMPORTANT NOTE: This release is NOT entirely source code compatible with previous releases. There are instances where exceptions are thrown now instead of the framework calling fatalError(). This means that there are more recoverable errors in the library than before. The only time that fatalError() is called is to indicate either a programming error or a non-recoverable system error.

Note: On macOS and iOS, BlueCryptor uses the Apple provided CommonCrypto library. On Linux, it uses libcrypto from the OpenSSL project.

Prerequisites

Swift

  • Swift Open Source swift-4.0.0-RELEASE toolchain (Minimum REQUIRED for latest release)
  • Swift Open Source swift-4.2-RELEASE toolchain (Recommended)
  • Swift toolchain included in Xcode Version 10.0 (10A255) or higher.

macOS

  • macOS 10.11.6 (El Capitan) or higher.
  • Xcode Version 9.0 or higher using one of the above toolchains.
  • Xcode Version 10.0 (10A255) or higher using the included toolchain (Recommended).
  • CommonCrypto is provided by macOS.

iOS

  • iOS 10.0 or higher
  • Xcode Version 9.0 or higher using one of the above toolchains.
  • Xcode Version 10.0 (10A255) or higher using the included toolchain (Recommended).
  • CommonCrypto is provided by iOS.

Linux

  • Ubuntu 16.04 (or 16.10 but only tested on 16.04) and 18.04.
  • One of the Swift Open Source toolchains listed above.
  • OpenSSL is provided by the distribution. Note: 1.0.x, 1.1.x and later releases of OpenSSL are supported.
  • The appropriate libssl-dev package is required to be installed when building.

Build

To build Cryptor from the command line:

% cd <path-to-clone>
% swift build

Testing

To run the supplied unit tests for Cryptor from the command line:

% cd <path-to-clone>
% swift build
% swift test

Getting started

Including in your project

Swift Package Manager

To include BlueCryptor into a Swift Package Manager package, add it to the dependencies attribute defined in your Package.swift file. You can select the version using the majorVersion and minor parameters. For example:

	dependencies: [
		.Package(url: "https://github.com/IBM-Swift/BlueCryptor.git", majorVersion: <majorVersion>, minor: <minor>)
	]

Carthage

To include BlueCryptor in a project using Carthage, add a line to your Cartfile with the GitHub organization and project names and version. For example:

	github "IBM-Swift/BlueCryptor" ~> <majorVersion>.<minor>

CocoaPods

To include BlueCryptor in a project using CocoaPods, you just add BlueCryptor to your Podfile, for example:

    platform :ios, '10.0'

    target 'MyApp' do
        use_frameworks!
        pod 'BlueCryptor'
    end

Before starting

The first thing you need to do is import the Cryptor framework. This is done by the following:

import Cryptor

API

Cryptor

The following code demonstrates encryption and decryption using AES single block CBC mode using optional chaining.

let key = CryptoUtils.byteArray(fromHex: "2b7e151628aed2a6abf7158809cf4f3c")
let iv = CryptoUtils.byteArray(fromHex: "00000000000000000000000000000000")
let plainText = CryptoUtils.byteArray(fromHex: "6bc1bee22e409f96e93d7e117393172a")

var textToCipher = plainText
if plainText.count % Cryptor.Algorithm.aes.blockSize != 0 {
	textToCipher = CryptoUtils.zeroPad(byteArray: plainText, blockSize: Cryptor.Algorithm.aes.blockSize)
}
do {
	let cipherText = try Cryptor(operation: .encrypt, algorithm: .aes, options: .none, key: key, iv: iv).update(byteArray: textToCipher)?.final()
		
	print(CryptoUtils.hexString(from: cipherText!))
		
	let decryptedText = try Cryptor(operation: .decrypt, algorithm: .aes, options: .none, key: key, iv: iv).update(byteArray: cipherText!)?.final()

	print(CryptoUtils.hexString(from: decryptedText!))
} catch let error {
	guard let err = error as? CryptorError else {
		// Handle non-Cryptor error...
		return
	}
	// Handle Cryptor error... (See Status.swift for types of errors thrown)
}

Digest

The following example illustrates generating an MD5 digest from both a String and an instance of NSData.

let qbfBytes : [UInt8] = [0x54,0x68,0x65,0x20,0x71,0x75,0x69,0x63,0x6b,0x20,0x62,0x72,0x6f,0x77,0x6e,0x20,0x66,0x6f,0x78,0x20,0x6a,0x75,0x6d,0x70,0x73,0x20,0x6f,0x76,0x65,0x72,0x20,0x74,0x68,0x65,0x20,0x6c,0x61,0x7a,0x79,0x20,0x64,0x6f,0x67,0x2e]
let qbfString = "The quick brown fox jumps over the lazy dog."

// String...
let md5 = Digest(using: .md5)
md5.update(string: qbfString)
let digest = md5.final()

// NSData using optional chaining...
let qbfData = CryptoUtils.data(from: qbfBytes)
let digestFromData = Digest(using: .md5).update(data: qbfData)?.final()

HMAC

The following demonstrates generating an SHA256 HMAC using byte arrays for keys and data.

let myKeyData = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
let myData = "4869205468657265"
let key = CryptoUtils.byteArray(fromHex: myKeyData)
let data : [UInt8] = CryptoUtils.byteArray(fromHex: myData)

let hmac = HMAC(using: HMAC.Algorithm.sha256, key: key).update(byteArray: data)?.final()

Key Derivation

The following illustrates generating a key using a password, salt, number of rounds and a specified derived key length using the SHA1 algorithm. Then it shows how to generate a String from the resultant key.

let password = "password"
// Sample salt value.
let salt = "salt"
// 2 rounds keeps the sample fast; real password-based keys need a far higher count.
let rounds: UInt = 2
let derivedKeyLen = 20
do {
	// deriveKey throws, so it must be called with try inside the do block.
	let key = try PBKDF.deriveKey(fromPassword: password, salt: salt, prf: .sha1, rounds: rounds, derivedKeyLength: derivedKeyLen)
	let keyString = CryptoUtils.hexString(from: key)
} catch let error {
	guard let err = error as? CryptorError else {
		// Handle non-Cryptor error...
		return
	}
	// Handle Cryptor error... (See Status.swift for types of errors thrown)
}

Random Byte Generation

The following demonstrates generating random bytes of a given length.

let numberOfBytes = 256*256
do {
	let randomBytes = try Random.generate(byteCount: numberOfBytes)
} catch {
  	print("Error generating random bytes")
}
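
The following is an added example, not code from the BlueCryptor project. It combines the Cryptor, HMAC and Random calls shown above into encrypt-then-MAC: a fresh random IV per message, and an HMAC-SHA256 tag that is checked before any decryption so that tampered or truncated input is rejected with a thrown error. The names SealedBoxError, sealMessage, openMessage and constantTimeEquals are hypothetical; only Cryptor API calls that appear on this page are used.

```swift
import Foundation
import Cryptor

// Hypothetical error type for this example (not part of BlueCryptor).
enum SealedBoxError: Error {
    case malformed        // wrong length to be IV || cipher text || tag
    case authentication   // HMAC tag mismatch: tampered data or wrong key
    case cryptor          // update()/final() returned nil
}

let ivSize = Cryptor.Algorithm.aes.blockSize   // one AES block
let tagSize = 32                               // HMAC-SHA256 output length in bytes

/// Compares two byte arrays without stopping at the first difference.
func constantTimeEquals(_ a: [UInt8], _ b: [UInt8]) -> Bool {
    guard a.count == b.count else { return false }
    var diff: UInt8 = 0
    for i in 0..<a.count { diff |= a[i] ^ b[i] }
    return diff == 0
}

/// Returns IV || cipher text || HMAC-SHA256(IV || cipher text).
func sealMessage(_ plainText: [UInt8], encKey: [UInt8], macKey: [UInt8]) throws -> [UInt8] {
    // A new random IV for every message, instead of the all-zero IV of a test vector.
    let iv = try Random.generate(byteCount: ivSize)
    guard let cipherText = try Cryptor(operation: .encrypt, algorithm: .aes, options: .pkcs7Padding,
                                       key: encKey, iv: iv).update(byteArray: plainText)?.final() else {
        throw SealedBoxError.cryptor
    }
    let body = iv + cipherText
    guard let tag = HMAC(using: HMAC.Algorithm.sha256, key: macKey).update(byteArray: body)?.final() else {
        throw SealedBoxError.cryptor
    }
    return body + tag
}

/// Verifies the tag first, then decrypts. Never decrypts unauthenticated input.
func openMessage(_ sealed: [UInt8], encKey: [UInt8], macKey: [UInt8]) throws -> [UInt8] {
    let block = Cryptor.Algorithm.aes.blockSize
    // Need an IV, at least one cipher block and a tag; cipher text must be block aligned.
    guard sealed.count >= ivSize + block + tagSize,
          (sealed.count - ivSize - tagSize) % block == 0 else {
        throw SealedBoxError.malformed
    }
    let body = Array(sealed[0..<(sealed.count - tagSize)])
    let tag = Array(sealed[(sealed.count - tagSize)...])
    guard let expected = HMAC(using: HMAC.Algorithm.sha256, key: macKey).update(byteArray: body)?.final() else {
        throw SealedBoxError.cryptor
    }
    guard constantTimeEquals(tag, expected) else {
        throw SealedBoxError.authentication
    }
    let iv = Array(body[0..<ivSize])
    let cipherText = Array(body[ivSize...])
    guard let plainText = try Cryptor(operation: .decrypt, algorithm: .aes, options: .pkcs7Padding,
                                      key: encKey, iv: iv).update(byteArray: cipherText)?.final() else {
        throw SealedBoxError.cryptor
    }
    return plainText
}

do {
    // Separate keys for encryption and authentication.
    let encKey = try Random.generate(byteCount: 16)   // 16-byte AES key, as in the sample above
    let macKey = try Random.generate(byteCount: 32)
    let message = Array("user=42;role=reader".utf8)   // constructed sample input

    var sealed = try sealMessage(message, encKey: encKey, macKey: macKey)
    let opened = try openMessage(sealed, encKey: encKey, macKey: macKey)
    print(String(bytes: opened, encoding: .utf8) ?? "<not UTF-8>")

    // Flip one bit of the cipher text: the tag check must fail before decryption runs.
    sealed[ivSize] ^= 0x01
    do {
        _ = try openMessage(sealed, encKey: encKey, macKey: macKey)
        print("tampered message accepted (unexpected)")
    } catch SealedBoxError.authentication {
        print("tampered message rejected")
    }
} catch {
    print("error: \(error)")
}
```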

Utilities

Cryptor also provides a set of data manipulation utility functions for conversion of data from various formats:

  • To byteArray ([UInt8])
    • From hex string
    • From UTF8 string
  • To Data
    • From hex string
    • From byte array ([UInt8])
  • To NSData
    • From hex string
    • From byte array ([UInt8])
  • To NSString
    • From byte array ([UInt8])
  • To hexList (String)
    • From byte array ([UInt8])

Also provided is an API to pad a byte array ([UInt8]) so that its length in bytes is an integral multiple of the block size.

  • func zeroPad(byteArray: [UInt8], blockSize: Int) -> [UInt8]
  • func zeroPad(string: String, blockSize: Int) -> [UInt8]

Restrictions

The following algorithm is not available on Linux since it is not supported by OpenSSL.

  • Digest: MD2

In all cases, use of unsupported APIs or algorithms will result in a Swift fatalError(), terminating the program and should be treated as a programming error.

Community

We love to talk server-side Swift and Kitura. Join our Slack to meet the team!

License

This library is licensed under Apache 2.0. Full license text is available in LICENSE.

Comments
  • RSA Signing

    What would it take to extend this library to support RSA in addition to HMAC? I'd like to use it for signing JWT tokens, but Google only supports RS256.

    Looks like CommonCrypto supports it, so I'm assuming OpenSSL does too.

    enhancement 
    opened by collinhundley 26
  • Invalid Exclude in Xcode 13

    Since upgrading to Xcode 13, I'm seeing an Invalid Exclude warning message indicating that the requested file cannot be found.

    This applies to:

    • Cryptor.xcodeproj
    • Sources/Info.plist
    • README.md
    opened by adam-redboxmobile 15
  • ECDSA support

    In SwiftJWT, we would like to support ES256. This requires the JWT be signed/verified using ECDSA. BlueCryptor seems like the right place to implement a common API for the Elliptic curve algorithm.

    OpenSSL has an implementation that is documented here. This could be used for the linux implementation.

    Apple security has an implementation that is documented here. This could be used for the iOS/MacOS implementation.

    @billabt This approach is fairly similar to BlueRSA. Is there a reason you made BlueRSA a separate repo instead of incorporating it into BlueCryptor?

    enhancement 
    opened by Andrew-Lees11 9
  • CHTTParser error when running swift build

    Hi guys,

    So I am a newbie, and in my environment, I'm running Kitura over Docker. I get the following error, which I believe is related to the Crypto library, when I run swift build:

    /projects/project7/.build/debug/CHTTPParser.build/module.modulemap:2:14: error: umbrella directory '/Users/doronkatz/Development/Server/project7/Packages/CHTTPParser-0.3.0/Sources/CHTTPParser/include' not found
    umbrella "/Users/doronkatz/Development/Server/project7/Packages/CHTTPParser-0.3.0/Sources/CHTTPParser/include"
    ^
    Compile Swift Module 'LoggerAPI' (1 sources)
    Compile Swift Module 'Core' (28 sources)
    Compile Swift Module 'Node' (22 sources)
    <unknown>:0: error: build had 5 command failures
    error: exit(1): /root/swift-3.0.1-RELEASE-ubuntu16.04/usr/bin/swift-build-tool -f /projects/project7/.build/debug.yaml

    My Package.swift is as follows:

    import PackageDescription

    let package = Package(
        name: "project7",
        dependencies: [
            .Package(url: "https://github.com/IBM-Swift/Kitura.git", majorVersion: 1),
            .Package(url: "https://github.com/IBM-Swift/HeliumLogger.git", majorVersion: 1),
            .Package(url: "https://github.com/IBM-Swift/BlueCryptor.git", majorVersion: 0, minor: 8),
            .Package(url: "https://github.com/vapor/mysql.git", majorVersion: 1),
        ]
    )

    I'm on Swift 3.0.1. Not sure what else I can do on my end... Any assistance would be great. When I took out crypto the build worked.

    Thanks!

    opened by doronkatz 7
  • silence compiler warnings

    Silence Compiler Warnings on Xcode 13

    Motivation and Context

    Clean Build(™)

    How Has This Been Tested?

    Xcode 13 with swift 5.5 rebuild

    Checklist:

    • [x] I have submitted a CLA form
    • [x] If applicable, I have updated the documentation accordingly.
    • [x] If applicable, I have added tests to cover my changes.
    opened by mman 4
  • fix: make byteArray return empty array on failure instead of fatal error

    Description

    This PR changes byteArray so that on failure it returns an empty array instead of throwing a fatal error.

    Motivation and Context

    This is required because you may pass user code into the function (such as in Kitura-Session, where a user's cookie is decoded). If it throws a fatal error on failure then a user can crash the system. If it returns an empty array the application can handle this in the correct way.

    How Has This Been Tested?

    This has been tested within Kitura-Session. Using this code makes the session reject the cookie instead of throwing a fatal error and crashing the server.

    Checklist:

    • [x] I have submitted a CLA form
    • [x] If applicable, I have updated the documentation accordingly.
    opened by Andrew-Lees11 4
  • Replace some fatalError's by optional/Result/throws

    I'm using Cryptor for doing signed+encrypted cookies, as well as encrypted values in url params, for example an unsubscribe link in an email that allows quick removal from newsletters.

    The library currently fatalError's a lot. Some of it seems reasonable, like using an unsupported encryption algorithm. However, fatalError's are also used for malformed data, which could happen if the user tampers with cookies, urls, etc... This means a user can crash a server using Cryptor very easily.

    Should all uses of fatalError be audited to convert most to use optionals, Result or throws?

    opened by mbrandonw 4
  • Detect Invalid Initialization Vector Size.

    Since this code is based on IDZSwiftCommonCrypto it has inherited some of that library's flaws. While the library currently pays quite a bit of attention to keys, it has no error checking on IV size.

    If a user supplies too small an IV, some uninitialized bytes will be used by CommonCrypto. This is not a security risk, it just leads to incorrect results and difficult to track down bugs.

    We're adding additional error checking to try to catch these problems before they occur.

    You may want to take a look at https://github.com/iosdevzone/IDZSwiftCommonCrypto/pull/79 to see the changes we're making!

    opened by iosdevzone 4
  • Code formatting changes for readability

    Description

    • Splits dictionaries into more digestible blocks and aligns them in a more readable way.
    • Fixes some formatting issues with the documentation.

    Motivation and Context

    This PR simply aims to make the code more readable.

    How Has This Been Tested?

    No logic changes were made. Existing tests were run and passed.

    opened by alexpersian 4
  • Removed warnings found in Swift 4.1

    There are low-level API changes in Swift 4.1 which were giving warnings in other projects that depended on this repo, such as Kitura Websocket.

    This PR just adds some conditional checks to use the relevant API depending on the Swift version.

    Ran the test suite locally and built locally too on Swift 3.1.1, 4.0.3 and 4.1. I have added Travis builds for these Swift versions too.

    opened by KyeMaloy97 3
  • Removed the team from the General Signing and update the project to support iOS 9.0

    Description

    Motivation and Context

    How Has This Been Tested?

    Checklist:

    • [ ] I have submitted a CLA form
    • [ ] If applicable, I have updated the documentation accordingly.
    • [ ] If applicable, I have added tests to cover my changes.
    opened by laurentmorvillier 3
  • Removed support for cryptographically broken algorithms MD2, MD4, MD5

    Addresses the deprecation that has been there since iOS 13

    Also added a project file to the repo to make future maintenance easier

    Description

    • Removing all the code supporting MD2, MD4, MD5
      • They have been deprecated by Apple for being cryptographically broken
      • Cleans up warnings seen by anyone targeting an iOS version >13.0
    • Also included a project file to make future updates & testing easier

    Motivation and Context

    Issue: #77

    Trying to eliminate warnings we see in our application (from consuming SwiftJWT, which consumes this)

    How Has This Been Tested?

    Unit testing in the repo/code. Also verified passivity in our application.

    Checklist:

    • [x] I have submitted a CLA form (as on other PRs, submitted one electronically, so, assuming that would apply to this, too?)
    • [x] If applicable, I have updated the documentation accordingly.
    • [x] If applicable, I have added tests to cover my changes.
    opened by LowAmmo 1
  • Remove support for deprecated cryptographic options (MD2, MD4, MD5) & release to cocoapods

    Looks like Apple is considering MD2, MD4, MD5 "cryptographically broken"

    'CC_MD2_Final' was deprecated in iOS 13.0: This function is cryptographically broken and should not be used in security contexts. Clients should migrate to SHA256 (or stronger).

    So, might as well remove those options.

    Then, once the options are removed - would be awesome to release the new version to cocoapods! 😄

    (working on a PR to address, now)

    -Thanks!

    opened by LowAmmo 0
  • Getting

    Getting " " (empty) Decrypted string from update function

    class func decrypt(encodedData: String, secret: String, algorithm: String) -> String {
            do {
                let key = Array(secret.utf8)
                let bytes = encodedData.hexaBytes
                let cryptor = try Cryptor(operation:.decrypt, algorithm:.aes256, options:[.ecbMode, .pkcs7Padding], key:key, iv:[UInt8]())
                if let decrypted = cryptor.update(byteArray: bytes)?.final() {
                    return String(bytes: decrypted, encoding: .utf8) ?? ""
                }
            } catch {
                print(error)
            }
            return ""
    }
    

    I am using the above function to decrypt data. It is returning a blank "" string. I am using the .ecbMode and .pkcs7Padding pattern, and I am getting the key and bytes data successfully. The issue is in the cryptor.update function.

    opened by nirav-kotecha 0
  • Invalid Triple-DES encryption result

    Hi everyone,

    I'm going to implement the Triple-DES to encrypt a password and I'm using the following command to validate the encryption output.

    but I got a different encryption result.

    Here's my code

    func tripleDesEncrypt(inputStr: String, keyStr: String) -> String? {
            let key = CryptoUtils.byteArray(fromHex: keyStr)
            let iv = CryptoUtils.byteArray(fromHex: "0000000000000000")
            let plainText = CryptoUtils.byteArray(fromHex: inputStr)
            
            var textToCipher = plainText
            if plainText.count % Cryptor.Algorithm.tripleDes.blockSize != 0 {
                textToCipher = CryptoUtils.zeroPad(byteArray: plainText, blockSize: Cryptor.Algorithm.tripleDes.blockSize)
            }
            do {
                let cipherText = try Cryptor(operation: .encrypt, algorithm: .tripleDes, options: .pkcs7Padding, key: key, iv: iv).update(byteArray: textToCipher)?.final()
                
                print(CryptoUtils.hexString(from: cipherText!))
    
            } catch let error {
                guard let err = error as? CryptorError else {
                    return nil
                }
                
                print(err.description)
            }
            
            return nil
        }
    

    Input inputStr: 0592389EDCBA96FF keyStr: 0123456789abcdeffedcba9876543210

    Output d9f8e02413307c829b81df2a39d8c603

    The right output should be a25fbc3a3ed409102e24eeb85aef49ae

    Please advise.

    opened by MohamedT-Silverkey 0
  • custom framework build failing with no full bitcode error

    Hi Everyone, I am very new to iOS so this might be a stupid question, but please help me out. I am using the BlueCryptor for doing some encryptions in my custom framework. I added the BlueCryptor to the framework through SwiftPackages->AddNewPackage. All the functionality is working fine.

    I am using my framework in an app which needs bitcode to be enabled. So I added this user-defined build setting in my framework: BITCODE_GENERATION_MODE (https://medium.com/@heitorburger/static-libraries-frameworks-and-bitcode-6d8f784478a9)

    Now the build is failing with :

    ld: bitcode bundle could not be generated because '/Users/ds/Library/Developer/Xcode/DerivedData/customFramework-excnpjvylyjcgnahfenjtaqmjjmf/Build/Products/Release-iphoneos/Cryptor.o' was built without full bitcode. All object files and libraries for bitcode must be generated from Xcode Archive or Install build file '/Users/ds/Library/Developer/Xcode/DerivedData/customFramework-excnpjvylyjcgnahfenjtaqmjjmf/Build/Products/Release-iphoneos/Cryptor.o' for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation)

    opened by Tharunreddych 1
Releases(2.0.1)
  • 1.0.32(Feb 27, 2018)

    Version 1.0

    Swift cross-platform crypto library derived from IDZSwiftCommonCrypto.

    IMPORTANT NOTE: This release is NOT entirely source code compatible with previous releases. There are instances where exceptions are thrown now instead of the framework calling fatalError(). This means that there are more recoverable errors in the library than before. The only time that fatalError() is called is to indicate either a programming error or a non-recoverable system error.

    Note: On macOS and iOS, BlueCryptor uses the Apple provided CommonCrypto library. On Linux, it uses libcrypto from the OpenSSL project.

    Prerequisites

    Swift

    • Swift Open Source swift-4.0.0-RELEASE toolchain (Minimum REQUIRED for latest release)
    • Swift Open Source swift-5.0-RELEASE toolchain (Recommended)
    • Swift toolchain included in Xcode Version 10.2 (10E125) or higher.

    macOS

    • macOS 10.11.6 (El Capitan) or higher.
    • Xcode Version 9.0 (9A325) or higher using one of the above toolchains.
    • Xcode Version 10.2 (10E125) or higher using the included toolchain (Recommended).

    iOS

    • iOS 10.0 or higher
    • Xcode Version 9.0 (9A325) or higher using one of the above toolchains.
    • Xcode Version 10.2 (10E125) or higher using the included toolchain (Recommended).

    Linux

    • Ubuntu 16.04 (or 16.10 but only tested on 16.04 and 18.04).
    • One of the Swift Open Source toolchains listed above.
    • OpenSSL is provided by the distribution. Note: 1.0.x, 1.1.x and later releases of OpenSSL are supported.

    Changes since 1.0.0

    • Fixed warnings from Swift 4.1, added build support for 3.1.1 thru 4.1. PR #34.
    • Make Swift 4.1 the default compiler. Issue #35.
    • Support for Xcode 10 Beta. PR #38.
    • Added Swift 4.2 builds to CI.
    • Added scheme for building iOS version of BlueCryptor and made it shared. Issue #43.
    • Update README to specify libssl-dev as a requirement for building on Linux. Issue #42.
    • Minor license update.
    • Updates for Xcode 10 to project.
    • Swift 4.2 support. PR #46
    • Make Swift 4.2 the default compiler in project.
    • Revert (#46) to use OpenSSL module in 4.2 format. PR #47.
    • Update recommendations to Swift 4.2 and Xcode 10.
    • Added support for OpenSSL 1.1.x as well as OpenSSL 1.0.x.
    • Added CI support for building with Swift 5. PR #49.
    • Removed requirement of Swift 4.2 to support OpenSSL 1.1.x. OpenSSL 1.1.x is now supported using Swift 4.0, 4.1 and 4.2.
    • Update CI support to use Swift 4.2.3. PR #52
    • byteArray utility method will now return an empty array if the input array contains invalid hex digits. Note: This function previously resulted in a fatal error under these circumstances. PR #53. In a future release, this function will throw an exception when encountering invalid hex digits.
    • Update to Swift 5.0. PR #54.
    • Cleanup warnings on Linux. PR #57, #58.
    • Fixed warning showing up on Xcode 11. PR #60.
    • Add CI support for Xcode 11.
    • Fixed some linter warnings, update to Swift 5.1. PR #62.
  • 0.8.27(Nov 17, 2016)

    This release minimally requires use of the swift-3.1.1-RELEASE toolchain or the swift-4.0.0-RELEASE toolchain which is recommended.

    • Compatible with Xcode 9.0 (9A235) General Release or higher using one of the above toolchains.
    • Removed old restriction on Digest by now allowing the Data extension to work on Linux as well as macOS.
    • Renamed Updateable protocol to Updatable.
    • Added new Data based update function to Updatable.
    • Added support for SHA1 algorithm in both Digest and HMAC.
    • For every function that took a NSData, there is now an equivalent function that takes a Data object.
    • Added tests for new Data based functions.
    • Allow use on iOS, tvOS and watchOS as well as macOS.
    • Removed the inout modifier from the update(data: Data) function in Updatable extension. It was unnecessary. See issue #7 for more details.
    • Added CI (PR #6).
    • Removed RSA stub. This will be replaced by a forthcoming RSA-centric cross-platform package in the near future.
    • Merged PR #20 to fix a memory leak on Linux.
    • Added iOS target to supplied Xcode project.
    • Merged PR #23 to improve documentation formatting.
    • Support of Xcode 9 Beta.
    • Support for Swift 4.
    • Detect an invalid initialization vector size passed in to the StreamCryptor initializers. Issue #26.
    • Fixed a problem with determining the size of an IV passed as a String. The size has to account for all of the bytes, not just the character length, which could be different.
    • Added additional tests to cover issue #26.
    • Added CocoaPod support (not quite functional yet).
    • Remove build on Xcode 8.3.
    • CI updates.
    • Completed audit of fatalErrors as per issue #30. The next step will be the code changes. There are no code changes in this release, just added comments where fatalError() calls will be removed in a future release and replaced by exceptions and/or Status changes.
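
A caller-side check that follows from two items in these notes: byteArray returning an empty array on invalid hex digits, and the IV size fix for String input. This is an added example, not BlueCryptor code; `MaterialError`, `strictBytes(fromHex:)` and `ivBytes(from:blockSize:)` are hypothetical names, and the 16-byte block size assumes AES.

```swift
// Hypothetical helper names; this is not BlueCryptor API.
enum MaterialError: Error {
    case invalidHex
    case wrongLength(expected: Int, actual: Int)
}

// Decode hex strictly: throw on odd length or a non-hex digit
// rather than handing back an empty array the caller may not check.
func strictBytes(fromHex hex: String) throws -> [UInt8] {
    func nibble(_ c: UInt8) -> UInt8? {
        switch c {
        case UInt8(ascii: "0")...UInt8(ascii: "9"): return c - UInt8(ascii: "0")
        case UInt8(ascii: "a")...UInt8(ascii: "f"): return c - UInt8(ascii: "a") + 10
        case UInt8(ascii: "A")...UInt8(ascii: "F"): return c - UInt8(ascii: "A") + 10
        default: return nil
        }
    }
    let digits = Array(hex.utf8)
    guard digits.count % 2 == 0 else { throw MaterialError.invalidHex }
    var out = [UInt8]()
    for i in stride(from: 0, to: digits.count, by: 2) {
        guard let hi = nibble(digits[i]), let lo = nibble(digits[i + 1]) else {
            throw MaterialError.invalidHex
        }
        out.append((hi << 4) | lo)
    }
    return out
}

// Size an IV given as a String by its UTF-8 bytes, not its Character count.
// blockSize 16 is an assumption (AES).
func ivBytes(from string: String, blockSize: Int = 16) throws -> [UInt8] {
    let bytes = Array(string.utf8)
    guard bytes.count == blockSize else {
        throw MaterialError.wrongLength(expected: blockSize, actual: bytes.count)
    }
    return bytes
}

// Constructed inputs: both IV strings are 16 Characters long, but the
// second ends in U+00E9, which takes two bytes in UTF-8.
for iv in ["0123456789abcdef", "0123456789abcde\u{00E9}"] {
    do { let b = try ivBytes(from: iv); print("IV accepted:", b.count, "bytes") }
    catch { print("IV rejected:", error) }
}
for hex in ["000102030405060708090a0b0c0d0e0f", "0001zz03"] {
    do { let b = try strictBytes(fromHex: hex); print("hex accepted:", b.count, "bytes") }
    catch { print("hex rejected:", error) }
}
```
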
  • 0.6.1(Aug 16, 2016)

    This release requires use of the swift-DEVELOPMENT-SNAPSHOT-2016-08-015-a toolchain.

    • Compatible with Xcode 8 Beta 6 using the above toolchains.
    • Removed old restriction on Digest by now allowing the Data extension to work on Linux as well as macOS.
    • Renamed Updateable protocol to Updatable.
    • Added new Data based update function to Updatable.
    • Added support for SHA1 algorithm in both Digest and HMAC.
    • For every function that took a NSData, there is now an equivalent function that takes a Data object.
    • Added tests for new Data based functions.
  • 0.5.6(Aug 6, 2016)

    This release requires use of the swift-DEVELOPMENT-SNAPSHOT-2016-08-04-a toolchain or the new swift-DEVELOPMENT-SNAPSHOT-2016-08-07-a toolchain.

    • Compatible with Xcode 8 Beta 5 using either of the above toolchains.
    • Removed old restriction on Digest by now allowing the Data extension to work on Linux as well as macOS.
    • Renamed Updateable protocol to Updatable.
    • Added new Data based update function to Updatable.
    • Added support for SHA1 algorithm in both Digest and HMAC.
    • For every function that took a NSData, there is now an equivalent function that takes a Data object.
    • Added tests for new Data based functions.
  • 0.4.0(Jul 26, 2016)

    This release requires use of the new swift-DEVELOPMENT-SNAPSHOT-2016-07-25-a toolchain.

    Note: Due to inconsistencies in the implementation of Data on macOS and Linux, this release continues to use the NSData and NSMutableData types. Once these inconsistencies are rectified, the Data type will be adopted.

  • 0.3.0(Jun 22, 2016)

  • 0.2.5(May 25, 2016)

  • 0.2.1(Apr 29, 2016)

Owner
Kitura
Kitura - Server Side framework written in Swift