1

I've created a simple lib to use HMAC digest for Swift called "SweetHMAC". This lib is so simple, basically is a wrapper to CommonHMAC.h in Swift.

I can build and deploy any iOS project using SweetHMAC correctly but, seems by some security issue, my approach is not safe. There is the warning I receive after run the iOS tests for example.

warning: linking against dylib not safe for use in application extensions

This code is not safe enough to put in iOS AppStore, and the app can be rejected by that. For OSX, there is no problems.

I know, there are HMAC ports for Swift, but my challenge is to try to enable Swift to use CommonCrypto safely.

I have implemented this project using this approach and works fine!

My question is, how possible is to create and use use modules like CommonCrypto in Swift frameworks safely for iOS?

Community
  • 1
  • 1
Jan Cássio
  • 2,076
  • 29
  • 41

1 Answers1

2

Looking at the documentation from Apple, the suggestion for said error is to make sure that the option of using "Require Only App-Extension-Safe API" is checked.

To configure an app extension target to use an embedded framework, set the target’s “Require Only App-Extension-Safe API” build setting to Yes. If you don’t, Xcode reminds you to do so by displaying the warning “linking against dylib not safe for use in application extensions”.

Here's the full documentation on extensions

It is also worth noting that parts of the CommonCrypto API might not be available, as per this discussion

Henri Normak
  • 4,695
  • 2
  • 23
  • 33
  • Thanks @Henri, I did this in [my library](http://jancassio.github.io/SweetHMAC/) a couple weeks ago and this fixed the problem. And yes, I forget to update my question with the solution, I think is fair enough to mark your answer as correct too. Thanks for advice. – Jan Cássio Apr 28 '15 at 12:44