Lukasa
commented
1 year ago Thanks for filing this! I'll take this to my colleagues and report back.
Closed VaslD closed 5 months ago
Lukasa
commented
1 year ago Thanks for filing this! I'll take this to my colleagues and report back.
baarde
commented
5 months ago I think this issue has been addressed in #200 and may be closed.
0xTim
commented
5 months ago Can confirm - I'm using it in a project against keys and data generated via other means and it works fine
New API Proposal: AES-CBC
Motivation:
AES-GCM may be recommended for new applications, but AES-CBC is likely the most common (and vulnerability-free to-date) symmetric encryption in use. HLS streaming and many third-party file formats and proprietary protocols build on AES-CBC, so not having it in Crypto (and CryptoKit) hinders interoperability with many services.
BoringSSL does AES-CBC. And since we already have a GCM wrapper, adding CBC should be as easy as changing a few parameters. We won't be able to reuse AEAD contexts and protocols to share this implementation with GCM/ChaCha because CBC is not AEAD, but calls to BoringSSL EVP should only require minimal changes.
Importance:
Currently there is no official Swift APIs for AES-CBC. On Apple platforms, one has access to CommonCrypto which does full-feature AES, and Security framework which has limited AES support only on macOS. Third-party Swift cryptography libraries with AES support do exist, but their APIs do not play well if most parts of my application already uses Crypto(Kit).