AES-CBC Support #140

Open
VaslD opened this issue Jan 7, 2023 · 1 comment

VaslD commented Jan 7, 2023

New API Proposal: AES-CBC

Motivation:

AES-GCM may be recommended for new applications, but AES-CBC is likely the most common (and vulnerability-free to date) symmetric encryption in use. HLS streaming and many third-party file formats and proprietary protocols build on AES-CBC, so not having it in Crypto (and CryptoKit) hinders interoperability with many services.

BoringSSL does AES-CBC. And since we already have a GCM wrapper, adding CBC should be as easy as changing a few parameters. We won't be able to reuse AEAD contexts and protocols to share this implementation with GCM/ChaCha because CBC is not AEAD, but calls to BoringSSL EVP should only require minimal changes.

Importance:

Currently there are no official Swift APIs for AES-CBC. On Apple platforms, one has access to CommonCrypto which does full-feature AES, and Security framework which has limited AES support only on macOS. Third-party Swift cryptography libraries with AES support do exist, but their APIs do not play well if most parts of my application already use Crypto(Kit).
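
Because CBC is not AEAD, as the proposal above notes, a caller who controls the message format has to add integrity separately. The following is an added example, not code from the issue's author or from the Crypto project: it assumes an Apple platform where CommonCrypto and CryptoKit are both available, and wraps `CCCrypt` AES-CBC in encrypt-then-MAC using CryptoKit's HMAC. The names `aesCBC`, `sealCBC`, `openCBC` and `CBCError` are hypothetical.

```swift
import Foundation
import CommonCrypto
import CryptoKit

enum CBCError: Error { case badParameters, cryptor(CCCryptorStatus), badTag }

// AES-CBC with PKCS#7 padding through CommonCrypto's one-shot CCCrypt.
func aesCBC(_ op: Int, key: Data, iv: Data, input: Data) throws -> Data {
    guard [kCCKeySizeAES128, kCCKeySizeAES192, kCCKeySizeAES256].contains(key.count),
          iv.count == kCCBlockSizeAES128 else { throw CBCError.badParameters }
    var out = Data(count: input.count + kCCBlockSizeAES128)  // room for padding
    let capacity = out.count
    var moved = 0
    let status = out.withUnsafeMutableBytes { o in
        input.withUnsafeBytes { i in iv.withUnsafeBytes { v in key.withUnsafeBytes { k in
            CCCrypt(CCOperation(op), CCAlgorithm(kCCAlgorithmAES),
                    CCOptions(kCCOptionPKCS7Padding),
                    k.baseAddress, key.count, v.baseAddress,
                    i.baseAddress, input.count, o.baseAddress, capacity, &moved)
        } } }
    }
    guard status == CCCryptorStatus(kCCSuccess) else { throw CBCError.cryptor(status) }
    return out.prefix(moved)
}

// Encrypt-then-MAC: output is IV || ciphertext || HMAC-SHA256(IV || ciphertext).
func sealCBC(_ plaintext: Data, encKey: Data, macKey: SymmetricKey) throws -> Data {
    let iv = Data((0..<kCCBlockSizeAES128).map { _ in UInt8.random(in: 0...255) })  // fresh per message
    let ct = try aesCBC(kCCEncrypt, key: encKey, iv: iv, input: plaintext)
    let body = iv + ct
    return body + Data(HMAC<SHA256>.authenticationCode(for: body, using: macKey))
}

// The tag is verified (constant-time) before any decryption or padding check runs.
func openCBC(_ message: Data, encKey: Data, macKey: SymmetricKey) throws -> Data {
    let tagLen = SHA256Digest.byteCount
    guard message.count >= 2 * kCCBlockSizeAES128 + tagLen else { throw CBCError.badParameters }
    let body = Data(message.dropLast(tagLen)), tag = Data(message.suffix(tagLen))
    guard HMAC<SHA256>.isValidAuthenticationCode(tag, authenticating: body, using: macKey)
    else { throw CBCError.badTag }
    return try aesCBC(kCCDecrypt, key: encKey, iv: body.prefix(kCCBlockSizeAES128),
                      input: Data(body.dropFirst(kCCBlockSizeAES128)))
}

// Constructed demo: one flipped IV bit is caught by the MAC instead of altering the plaintext.
let encKey = SymmetricKey(size: .bits256).withUnsafeBytes { Data($0) }
let macKey = SymmetricKey(size: .bits256)  // independent key for the MAC
var message = try sealCBC(Data("constructed sample".utf8), encKey: encKey, macKey: macKey)
message[0] ^= 0x01
do { _ = try openCBC(message, encKey: encKey, macKey: macKey) } catch CBCError.badTag { print("rejected") }
```

For interoperability with an existing CBC format such as the ones named in the issue, only `aesCBC` applies, since the wire format there is fixed by the other side.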

Lukasa (Collaborator) commented Jan 9, 2023

Thanks for filing this! I'll take this to my colleagues and report back.
