Avoid unnecessary copies of BoringSSL (#94)

Motivation:

When using only the CryptoKit API on Apple platforms we have always
thunked through to the CryptoKit interface and implementation. However,
we didn't do a thorough job of preventing the BoringSSL target from
getting compiled and linked.

We can do a better job now, which will save compile times and binary
sizes in many cases.

Modifications:

- Change Package.swift to express a target specific dependency in most
  cases.
- Preserve a development mode which overrides that target specific
  dependency.
- Add the missing compile guards.

Results:

Smaller binaries and faster compiles on Apple platforms.

Author: Lukasa

Package.swift

@@ -24,11 +24,34 @@
 
 import PackageDescription
 
-let swiftSettings: [SwiftSetting] = [
-    .define("CRYPTO_IN_SWIFTPM"),
-    // To develop this on Apple platforms, uncomment this define.
-    // .define("CRYPTO_IN_SWIFTPM_FORCE_BUILD_API"),
-]
+// To develop this on Apple platforms, set this to true
+let development = false
+
+let swiftSettings: [SwiftSetting]
+let dependencies: [Target.Dependency]
+if development {
+    swiftSettings = [
+        .define("CRYPTO_IN_SWIFTPM"),
+        .define("CRYPTO_IN_SWIFTPM_FORCE_BUILD_API"),
+    ]
+    dependencies = [
+        "CCryptoBoringSSL",
+        "CCryptoBoringSSLShims"
+    ]
+} else {
+    swiftSettings = [
+        .define("CRYPTO_IN_SWIFTPM"),
+    ]
+    let platforms: [Platform] = [
+        Platform.linux,
+        Platform.android,
+        Platform.windows,
+    ]
+    dependencies = [
+        .target(name: "CCryptoBoringSSL", condition: .when(platforms: platforms)),
+        .target(name: "CCryptoBoringSSLShims", condition: .when(platforms: platforms))
+    ]
+}
 
 let package = Package(
     name: "swift-crypto",
@@ -48,20 +71,42 @@ let package = Package(
     dependencies: [],
     targets: [
         .target(
-          name: "CCryptoBoringSSL",
-          cSettings: [
-            /*
-             * This define is required on Windows, but because we need older
-             * versions of SPM, we cannot conditionally define this on Windows
-             * only.  Unconditionally define it instead.
-             */
-            .define("WIN32_LEAN_AND_MEAN"),
-          ]
+            name: "CCryptoBoringSSL",
+            exclude: [
+                "hash.txt",
+                "include/boringssl_prefix_symbols_nasm.inc",
+                "CMakeLists.txt",
+            ],
+            cSettings: [
+                /*
+                 * This define is required on Windows, but because we need older
+                 * versions of SPM, we cannot conditionally define this on Windows
+                 * only.  Unconditionally define it instead.
+                 */
+                .define("WIN32_LEAN_AND_MEAN"),
+            ]
+        ),
+        .target(
+            name: "CCryptoBoringSSLShims",
+            dependencies: ["CCryptoBoringSSL"],
+            exclude: [
+                "CMakeLists.txt"
+            ]
+        ),
+        .target(
+            name: "Crypto",
+            dependencies: dependencies,
+            exclude: [
+                "CMakeLists.txt",
+                "AEADs/Nonces.swift.gyb",
+                "Digests/Digests.swift.gyb",
+                "Key Agreement/ECDH.swift.gyb",
+                "Signatures/ECDSA.swift.gyb",
+            ],
+            swiftSettings: swiftSettings
         ),
-        .target(name: "CCryptoBoringSSLShims", dependencies: ["CCryptoBoringSSL"]),
-        .target(name: "Crypto", dependencies: ["CCryptoBoringSSL", "CCryptoBoringSSLShims"], swiftSettings: swiftSettings),
         .target(name: "_CryptoExtras", dependencies: ["CCryptoBoringSSL", "CCryptoBoringSSLShims", "Crypto"]),
-        .target(name: "crypto-shasum", dependencies: ["Crypto"]),
+        .executableTarget(name: "crypto-shasum", dependencies: ["Crypto"]),
         .testTarget(name: "CryptoTests", dependencies: ["Crypto"], swiftSettings: swiftSettings),
         .testTarget(name: "_CryptoExtrasTests", dependencies: ["_CryptoExtras"]),
     ],

Sources/Crypto/Keys/EC/BoringSSL/EllipticCurvePoint_boring.swift

@@ -11,6 +11,9 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 //===----------------------------------------------------------------------===//
+#if (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+@_exported import CryptoKit
+#else
 @_implementationOnly import CCryptoBoringSSL
 
 /// A wrapper around BoringSSL's EC_POINT with some lifetime management.
@@ -76,3 +79,4 @@ extension EllipticCurvePoint {
         return (x: x, y: y)
     }
 }
+#endif // (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

Sources/Crypto/Keys/EC/BoringSSL/EllipticCurve_boring.swift

@@ -11,6 +11,9 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 //===----------------------------------------------------------------------===//
+#if (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+@_exported import CryptoKit
+#else
 @_implementationOnly import CCryptoBoringSSL
 
 /// A wrapper around BoringSSL's EC_GROUP object that handles reference counting and
@@ -117,3 +120,4 @@ extension BoringSSLEllipticCurveGroup.CurveName {
         }
     }
 }
+#endif // (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

Sources/Crypto/Signatures/BoringSSL/ECDSASignature_boring.swift

@@ -11,6 +11,9 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 //===----------------------------------------------------------------------===//
+#if (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+@_exported import CryptoKit
+#else
 @_implementationOnly import CCryptoBoringSSL
 @_implementationOnly import CCryptoBoringSSLShims
 import Foundation
@@ -101,3 +104,4 @@ class ECDSASignature {
         try body(self._baseSig)
     }
 }
+#endif // (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

Sources/Crypto/Util/BoringSSL/ArbitraryPrecisionInteger_boring.swift

@@ -11,6 +11,9 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 //===----------------------------------------------------------------------===//
+#if (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+@_exported import CryptoKit
+#else
 @_implementationOnly import CCryptoBoringSSL
 @_implementationOnly import CCryptoBoringSSLShims
 import Foundation
@@ -439,3 +442,4 @@ extension ArbitraryPrecisionInteger: CustomDebugStringConvertible {
         return String(decoding: UnsafeBufferPointer(start: stringPointer, count: length), as: Unicode.UTF8.self)
     }
 }
+#endif // (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

Sources/Crypto/Util/BoringSSL/CryptoKitErrors_boring.swift

@@ -11,6 +11,9 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 //===----------------------------------------------------------------------===//
+#if (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+@_exported import CryptoKit
+#else
 @_implementationOnly import CCryptoBoringSSL
 
 extension CryptoKitError {
@@ -20,3 +23,4 @@ extension CryptoKitError {
         .underlyingCoreCryptoError(error: Int32(bitPattern: CCryptoBoringSSL_ERR_get_error()))
     }
 }
+#endif // (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

Sources/Crypto/Util/BoringSSL/FiniteFieldArithmeticContext_boring.swift

@@ -11,6 +11,9 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 //===----------------------------------------------------------------------===//
+#if (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+@_exported import CryptoKit
+#else
 @_implementationOnly import CCryptoBoringSSL
 import Foundation
 
@@ -153,3 +156,4 @@ extension FiniteFieldArithmeticContext {
         return try ArbitraryPrecisionInteger(copying: actualOutputPointer)
     }
 }
+#endif // (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

Tests/CryptoTests/BoringSSL/ArbitraryPrecisionIntegerTests.swift

@@ -11,6 +11,8 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 //===----------------------------------------------------------------------===//
+#if (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
+#else
 @testable import Crypto
 import XCTest
 
@@ -110,3 +112,4 @@ final class ArbitraryPrecisionIntegerTests: XCTestCase {
         XCTAssertTrue(two >= two)
     }
 }
+#endif // (os(macOS) || os(iOS) || os(watchOS) || os(tvOS)) && CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API

scripts/soundness.sh

@@ -85,7 +85,7 @@ find Sources/* Tests/* -name BoringSSL -type d | while IFS= read -r d; do
 done
 
 printf "=> Checking #defines..."
-if grep '\.define("CRYPTO_IN_SWIFTPM_FORCE_BUILD_API")' Package.swift | grep -v "//" > /dev/null; then
+if grep 'development = true' Package.swift > /dev/null; then
   printf "\033[0;31mstill in development mode!\033[0m Comment out CRYPTO_IN_SWIFTPM_FORCE_BUILD_API.\n"
   exit 1
 else