AES-CBC Support

[VaslD]

New API Proposal: AES-CBC

Motivation:

AES-GCM may be recommended for new applications, but AES-CBC is likely the most common (and vulnerability-free to-date) symmetric encryption in use. HLS streaming and many third-party file formats and proprietary protocols build on AES-CBC, so not having it in Crypto (and CryptoKit) hinders interoperability with many services.

BoringSSL does AES-CBC. And since we already have a GCM wrapper, adding CBC should be as easy as changing a few parameters. We won't be able to reuse AEAD contexts and protocols to share this implementation with GCM/ChaCha because CBC is not AEAD, but calls to BoringSSL EVP should only require minimal changes.

Importance:

Currently there is no official Swift APIs for AES-CBC. On Apple platforms, one has access to CommonCrypto which does full-feature AES, and Security framework which has limited AES support only on macOS. Third-party Swift cryptography libraries with AES support do exist, but their APIs do not play well if most parts of my application already uses Crypto(Kit).

[Lukasa]

Thanks for filing this! I'll take this to my colleagues and report back.

[baarde]

I think this issue has been addressed in #200 and may be closed.

[0xTim]

Can confirm - I'm using it in a project against keys and data generated via other means and it works fine