Remove security backend (#373)

### Motivation:

Depending on the platform Swift Crypto Extras might use an
implementation backed by `Security.framework`, specifically for RSA.
Since
BoringSSL is a necessary dependency on all platforms, we can deduplicate
the implementation and keep a single backend.

### Modifications:

Remove the `Security.framework` implementation and tie the RSA backend
to
BoringSSL.

### Result:

Swift Crypto Extras always uses the BoringSSL backend for RSA.

---------

Co-authored-by: Cory Benfield <lukasa@apple.com>

Author: josephnoir

.swiftformatignore

@@ -94,7 +94,6 @@ Sources/_CryptoExtras/OPRFs/VOPRFClient.swift
 Sources/_CryptoExtras/OPRFs/VOPRFServer.swift
 Sources/_CryptoExtras/RSA/RSA+BlindSigning.swift
 Sources/_CryptoExtras/RSA/RSA.swift
-Sources/_CryptoExtras/RSA/RSA_security.swift
 Sources/_CryptoExtras/Util/BoringSSLHelpers.swift
 Sources/_CryptoExtras/Util/DigestType.swift
 Sources/_CryptoExtras/Util/Error.swift

Sources/_CryptoExtras/CMakeLists.txt

@@ -56,7 +56,6 @@ add_library(_CryptoExtras
   "RSA/RSA+BlindSigning.swift"
   "RSA/RSA.swift"
   "RSA/RSA_boring.swift"
-  "RSA/RSA_security.swift"
   "Util/BoringSSLHelpers.swift"
   "Util/CryptoKitErrors_boring.swift"
   "Util/Data+Extensions.swift"

Sources/_CryptoExtras/RSA/RSA.swift

@@ -16,17 +16,10 @@ import Crypto
 import CryptoBoringWrapper
 import SwiftASN1
 
-#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
-@available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
-fileprivate typealias BackingPublicKey = SecurityRSAPublicKey
-@available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
-fileprivate typealias BackingPrivateKey = SecurityRSAPrivateKey
-#else
 @available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
 fileprivate typealias BackingPublicKey = BoringSSLRSAPublicKey
 @available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
 fileprivate typealias BackingPrivateKey = BoringSSLRSAPrivateKey
-#endif
 
 /// Types associated with the RSA algorithm
 ///
@@ -120,14 +113,8 @@ extension _RSA.Signing {
         }
 
         /// Construct an RSA public key with the specified parameters.
-        ///
-        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
-        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
-        ///
-        /// On Darwin platforms, this will serialize it to PEM format, and then construct a platform-specific key from
-        /// the PEM representation.
         public init(n: some ContiguousBytes, e: some ContiguousBytes) throws {
-            self.backing = try BackingPublicKey(BoringSSLRSAPublicKey(n: n, e: e))
+            self.backing = try BackingPublicKey(n: n, e: e)
         }
 
         public var pkcs1DERRepresentation: Data {
@@ -218,14 +205,8 @@ extension _RSA.Signing {
         }
 
         /// Construct an RSA private key with the specified parameters.
-        ///
-        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
-        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
-        ///
-        /// On Darwin platforms, this will serialize it to DER format, and then construct a platform-specific key from
-        /// the DER representation.
         public init(n: some ContiguousBytes, e: some ContiguousBytes, d: some ContiguousBytes, p: some ContiguousBytes, q: some ContiguousBytes) throws {
-            self.backing = try BackingPrivateKey(BoringSSLRSAPrivateKey(n: n, e: e, d: d, p: p, q: q))
+            self.backing = try BackingPrivateKey(n: n, e: e, d: d, p: p, q: q)
         }
 
         /// Randomly generate a new RSA private key of a given size.
@@ -546,14 +527,8 @@ extension _RSA.Encryption {
         }
 
         /// Construct an RSA public key with the specified parameters.
-        ///
-        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
-        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
-        ///
-        /// On Darwin platforms, this will serialize it to DER format, and then construct a platform-specific key from
-        /// the DER representation.
         public init(n: some ContiguousBytes, e: some ContiguousBytes) throws {
-            self.backing = try BackingPublicKey(BoringSSLRSAPublicKey(n: n, e: e))
+            self.backing = try BackingPublicKey(n: n, e: e)
         }
 
         public var pkcs1DERRepresentation: Data { self.backing.pkcs1DERRepresentation }
@@ -614,14 +589,8 @@ extension _RSA.Encryption {
 
 
         /// Construct an RSA private key with the specified parameters.
-        ///
-        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
-        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
-        ///
-        /// On Darwin platforms, this will serialize it to PEM format, and then construct a platform-specific key from
-        /// the PEM representation.
         public init(n: some ContiguousBytes, e: some ContiguousBytes, d: some ContiguousBytes, p: some ContiguousBytes, q: some ContiguousBytes) throws {
-            self.backing = try BackingPrivateKey(BoringSSLRSAPrivateKey(n: n, e: e, d: d, p: p, q: q))
+            self.backing = try BackingPrivateKey(n: n, e: e, d: d, p: p, q: q)
         }
 
         /// Randomly generate a new RSA private key of a given size.