Typealias CryptoKitError (apple#285)

Provides a typealias for `CryptoKitError` to hide the implementation
detail of CryptoKit. Resolves apple#274

### Motivation:

CryptoKit is an implementation detail on Apple platforms - this makes it
clearer for users coming from other platforms

### Modifications:

Added a type alias and updated documentation


Co-authored-by: Cory Benfield <lukasa@apple.com>

Author: 0xTim

README.md

@@ -129,7 +129,7 @@ What this means for you is that you should depend on Swift Crypto with a version
 In SwiftPM that can be easily done specifying for example `from: "1.0.0"` meaning that you support Swift Crypto in every version starting from 1.0.0 up to (excluding) 2.0.0.
 SemVer and Swift Crypto's Public API guarantees should result in a working program without having to worry about testing every single version for compatibility.
 
-Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 series of releases.
+Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the `CryptoError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 series of releases.
 
 To do so, please use the following dependency in your `Package.swift`:
 

Sources/Crypto/CMakeLists.txt

@@ -36,6 +36,7 @@ add_library(Crypto
   "ASN1/PKCS8PrivateKey.swift"
   "ASN1/SEC1PrivateKey.swift"
   "ASN1/SubjectPublicKeyInfo.swift"
+  "CryptoError_boring.swift"
   "CryptoKitErrors.swift"
   "Digests/BoringSSL/Digest_boring.swift"
   "Digests/Digest.swift"

Sources/Crypto/CryptoError_boring.swift

@@ -0,0 +1,18 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the SwiftCrypto open source project
+//
+// Copyright (c) 2019-2025 Apple Inc. and the SwiftCrypto project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of SwiftCrypto project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+@available(iOS 13.0, macOS 10.15, watchOS 6.0, tvOS 13.0, *)
+public typealias CryptoError = CryptoKitError
+@available(iOS 14, macOS 11, tvOS 14, watchOS 7, *)
+public typealias CryptoASN1Error = CryptoKitASN1Error

Sources/_CryptoExtras/MLDSA/MLDSA_boring.swift.gyb

@@ -43,7 +43,7 @@ extension MLDSA${parameter_set} {
         ///
         /// - Parameter seedRepresentation: The seed to use to generate the private key.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 32 bytes long.
+        /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 32 bytes long.
         public init(seedRepresentation: some DataProtocol) throws {
             self.backing = try Backing(seedRepresentation: seedRepresentation)
         }
@@ -119,7 +119,7 @@ extension MLDSA${parameter_set} {
             ///
             /// - Parameter seedRepresentation: The seed to use to generate the private key.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 32 bytes long.
+            /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 32 bytes long.
             init(seedRepresentation: some DataProtocol) throws {
                 guard seedRepresentation.count == MLDSA.seedByteCount else {
                     throw CryptoKitError.incorrectKeySize
@@ -199,7 +199,7 @@ extension MLDSA${parameter_set} {
         ///
         /// - Parameter rawRepresentation: The public key bytes.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+        /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
         public init(rawRepresentation: some DataProtocol) throws {
             self.backing = try Backing(rawRepresentation: rawRepresentation)
         }
@@ -252,7 +252,7 @@ extension MLDSA${parameter_set} {
             ///
             /// - Parameter rawRepresentation: The public key bytes.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+            /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
             init(rawRepresentation: some DataProtocol) throws {
                 guard rawRepresentation.count == MLDSA${parameter_set}.PublicKey.Backing.byteCount else {
                     throw CryptoKitError.incorrectKeySize

Sources/_CryptoExtras/MLKEM/MLKEM_boring.swift

@@ -46,7 +46,7 @@ extension MLKEM768 {
         ///
         /// - Parameter seedRepresentation: The seed to use to generate the private key.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 64 bytes long.
+        /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 64 bytes long.
         public init(seedRepresentation: some DataProtocol) throws {
             self.backing = try Backing(seedRepresentation: seedRepresentation)
         }
@@ -65,7 +65,7 @@ extension MLKEM768 {
         ///
         /// - Parameter encapsulated: The encapsulated shared secret.
         ///
-        /// - Throws: `CryptoKitError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
+        /// - Throws: `CryptoError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
         ///
         /// - Returns: The symmetric key.
         public func decapsulate(_ encapsulated: some DataProtocol) throws -> SymmetricKey {
@@ -104,7 +104,7 @@ extension MLKEM768 {
             ///
             /// - Parameter seedRepresentation: The seed to use to generate the private key.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 64 bytes long.
+            /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 64 bytes long.
             init(seedRepresentation: some DataProtocol) throws {
                 guard seedRepresentation.count == MLKEM.seedByteCount else {
                     throw CryptoKitError.incorrectKeySize
@@ -135,7 +135,7 @@ extension MLKEM768 {
             ///
             /// - Parameter encapsulated: The encapsulated shared secret.
             ///
-            /// - Throws: `CryptoKitError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
+            /// - Throws: `CryptoError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
             ///
             /// - Returns: The symmetric key.
             func decapsulate(_ encapsulated: some DataProtocol) throws -> SymmetricKey {
@@ -184,7 +184,7 @@ extension MLKEM768 {
         ///
         /// - Parameter rawRepresentation: The public key bytes.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+        /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
         public init(rawRepresentation: some DataProtocol) throws {
             self.backing = try Backing(rawRepresentation: rawRepresentation)
         }
@@ -216,7 +216,7 @@ extension MLKEM768 {
             ///
             /// - Parameter rawRepresentation: The public key bytes.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+            /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
             init(rawRepresentation: some DataProtocol) throws {
                 guard rawRepresentation.count == MLKEM768.PublicKey.byteCount else {
                     throw CryptoKitError.incorrectKeySize
@@ -317,7 +317,7 @@ extension MLKEM1024 {
         ///
         /// - Parameter seedRepresentation: The seed to use to generate the private key.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 64 bytes long.
+        /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 64 bytes long.
         public init(seedRepresentation: some DataProtocol) throws {
             self.backing = try Backing(seedRepresentation: seedRepresentation)
         }
@@ -336,7 +336,7 @@ extension MLKEM1024 {
         ///
         /// - Parameter encapsulated: The encapsulated shared secret.
         ///
-        /// - Throws: `CryptoKitError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
+        /// - Throws: `CryptoError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
         ///
         /// - Returns: The symmetric key.
         public func decapsulate(_ encapsulated: some DataProtocol) throws -> SymmetricKey {
@@ -375,7 +375,7 @@ extension MLKEM1024 {
             ///
             /// - Parameter seedRepresentation: The seed to use to generate the private key.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 64 bytes long.
+            /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 64 bytes long.
             init(seedRepresentation: some DataProtocol) throws {
                 guard seedRepresentation.count == MLKEM.seedByteCount else {
                     throw CryptoKitError.incorrectKeySize
@@ -406,7 +406,7 @@ extension MLKEM1024 {
             ///
             /// - Parameter encapsulated: The encapsulated shared secret.
             ///
-            /// - Throws: `CryptoKitError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
+            /// - Throws: `CryptoError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
             ///
             /// - Returns: The symmetric key.
             func decapsulate(_ encapsulated: some DataProtocol) throws -> SymmetricKey {
@@ -455,7 +455,7 @@ extension MLKEM1024 {
         ///
         /// - Parameter rawRepresentation: The public key bytes.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+        /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
         public init(rawRepresentation: some DataProtocol) throws {
             self.backing = try Backing(rawRepresentation: rawRepresentation)
         }
@@ -487,7 +487,7 @@ extension MLKEM1024 {
             ///
             /// - Parameter rawRepresentation: The public key bytes.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+            /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
             init(rawRepresentation: some DataProtocol) throws {
                 guard rawRepresentation.count == MLKEM1024.PublicKey.byteCount else {
                     throw CryptoKitError.incorrectKeySize

Sources/_CryptoExtras/MLKEM/MLKEM_boring.swift.gyb

@@ -50,7 +50,7 @@ extension MLKEM${parameter_set} {
         ///
         /// - Parameter seedRepresentation: The seed to use to generate the private key.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 64 bytes long.
+        /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 64 bytes long.
         public init(seedRepresentation: some DataProtocol) throws {
             self.backing = try Backing(seedRepresentation: seedRepresentation)
         }
@@ -69,7 +69,7 @@ extension MLKEM${parameter_set} {
         ///
         /// - Parameter encapsulated: The encapsulated shared secret.
         ///
-        /// - Throws: `CryptoKitError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
+        /// - Throws: `CryptoError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
         ///
         /// - Returns: The symmetric key.
         public func decapsulate(_ encapsulated: some DataProtocol) throws -> SymmetricKey {
@@ -108,7 +108,7 @@ extension MLKEM${parameter_set} {
             ///
             /// - Parameter seedRepresentation: The seed to use to generate the private key.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the seed is not 64 bytes long.
+            /// - Throws: `CryptoError.incorrectKeySize` if the seed is not 64 bytes long.
             init(seedRepresentation: some DataProtocol) throws {
                 guard seedRepresentation.count == MLKEM.seedByteCount else {
                     throw CryptoKitError.incorrectKeySize
@@ -139,7 +139,7 @@ extension MLKEM${parameter_set} {
             ///
             /// - Parameter encapsulated: The encapsulated shared secret.
             ///
-            /// - Throws: `CryptoKitError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
+            /// - Throws: `CryptoError.incorrectParameterSize` if the encapsulated shared secret is not 1088 bytes long.
             ///
             /// - Returns: The symmetric key.
             func decapsulate(_ encapsulated: some DataProtocol) throws -> SymmetricKey {
@@ -188,7 +188,7 @@ extension MLKEM${parameter_set} {
         ///
         /// - Parameter rawRepresentation: The public key bytes.
         ///
-        /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+        /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
         public init(rawRepresentation: some DataProtocol) throws {
             self.backing = try Backing(rawRepresentation: rawRepresentation)
         }
@@ -220,7 +220,7 @@ extension MLKEM${parameter_set} {
             ///
             /// - Parameter rawRepresentation: The public key bytes.
             ///
-            /// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
+            /// - Throws: `CryptoError.incorrectKeySize` if the raw representation is not the correct size.
             init(rawRepresentation: some DataProtocol) throws {
                 guard rawRepresentation.count == MLKEM${parameter_set}.PublicKey.byteCount else {
                     throw CryptoKitError.incorrectKeySize

Sources/_CryptoExtras/RSA/RSA+BlindSigning.swift

@@ -495,7 +495,7 @@ extension _RSA.BlindSigning.PublicKey {
 extension _RSA.BlindSigning {
     /// Errors defined in the RSA Blind Signatures protocol.
     ///
-    /// - NOTE: This type does not conform to `Swift.Error`, it is used to construct a `CryptoKitError`.
+    /// - NOTE: This type does not conform to `Swift.Error`, it is used to construct a `CryptoError`.
     ///
     /// - Seealso: [RFC 9474: Errors](https://www.rfc-editor.org/rfc/rfc9474.html#name-errors).
     @available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
@@ -512,7 +512,7 @@ extension _RSA.BlindSigning {
 
 @available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
 extension CryptoKitError {
-    /// Map an error from the RSA Blind Signatures protocol to a CryptoKitError.
+    /// Map an error from the RSA Blind Signatures protocol to a CryptoError.
     init(_ error: _RSA.BlindSigning.ProtocolError) {
         switch error {
         case .messageTooLong: