-
Notifications
You must be signed in to change notification settings - Fork 194
Bring swift-crypto up to date with CryptoKit 2025 Beta 1 #359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
@fpseverino Thank you for your hard work on the MLKEM/MLDSA implementations! You'll see that they have been brought across as the implementation of the common API layer. In the next week or so we should discuss strategies to allow _CryptoExtras to extend the APIs for the custom mu, as well as potentially to lower the availability guards to match the original implementation. @0xTim I've also taken this opportunity to have the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a planned minor release of swift-crypto
before this major one? Because otherwise these "Compatibility" files would not be needed.
In any case, I could update the current implementation of MLKEM and MLDSA to use the future CryptoKit API and simplify everything a bit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that would be a reasonable idea. As for a minor release, that's a good question. We could choose to do so, or not. Do you have a preference?
I'm sorry, I didn't quite understand what you mean here. Could you break that down for me? For ML-DSA, the minimum version was macOS 10.15 (because of |
The actual availability guards will have to be lifted to the 26 release cycle, as that is the availability of the CryptoKit implementations. As you've noted, the BoringSSL-backed implementations have more availability. One of the questions I have will be, can we offer a graceful way to opt in to lowering those guards. Is that even worth doing? |
I think the answer to both questions will have to be the same.
If the minimum required version of ML-DSA and ML-KEM will be raised in September, I don't know how much sense there is in releasing them now with a lower minimum required version, especially considering that many packages already depend on the
On the other hand, it would be nice if these algorithms worked with pre v26 versions, but that would only be possible in Linux and platforms using BoringSSL, right? On Apple platforms it would still require v26, and that would create a discrepancy. To conclude, in my opinion the simplest and clearest thing would be to release the new post-quantum algorithms with the API and availability guards they will have in CryptoKit. cc @ptoffy as a potential downstream customer who could use ML-DSA in JWTKit |
That makes sense @fpseverino, thanks for that proposal. Yes, I'll try to take a beta shortly: I'll clean up the failing CI and then start a side branch for managing the beta releases. |
I'm merging this into the tracking branch, over the API breakage check (which is expected). |
This change updates Crypto to WWDC25 equivalent code. Each of these changes were individually merged to the WWDC25 branch. This includes: - #359 - #363 - #365 - #367 - #368 - #397 - #403 - #410 - #407 - #401 - #415 --------- Co-authored-by: YourMJK <[email protected]> Co-authored-by: Si Beaumont <[email protected]> Co-authored-by: Rick Newton-Rogers <[email protected]> Co-authored-by: Raphael <[email protected]> Co-authored-by: Evan Wilde <[email protected]> Co-authored-by: Tim Condon <[email protected]> Co-authored-by: Gus Cairo <[email protected]> Co-authored-by: George Barnett <[email protected]> Co-authored-by: Fabrice de Gans <[email protected]> Co-authored-by: Wojciech Nagrodzki <[email protected]> Co-authored-by: Jesse L. Zamora <[email protected]> Co-authored-by: aryan-25 <[email protected]> Co-authored-by: Gwynne Raskind <[email protected]> Co-authored-by: 3405691582 <[email protected]> Co-authored-by: Paul Toffoloni <[email protected]>
This PR sets swift-crypto up for alignment with the WWDC 2025 CryptoKit APIs. This includes the parity APIs for MLKEM and MLDSA, as well as XWing.
At this time the SHA3 APIs are disabled, as they require a novel implementation strategy. This will come later in the summer. All API features that require SHA3 are therefore also disabled at runtime.