I've created a simple lib to use HMAC digest for Swift called "SweetHMAC". This lib is so simple, basically is a wrapper to CommonHMAC.h in Swift.
I can build and deploy any iOS project using SweetHMAC correctly but, seems by some security issue, my approach is not safe. There is the warning I receive after run the iOS tests for example.
warning: linking against dylib not safe for use in application extensions
This code is not safe enough to put in iOS AppStore, and the app can be rejected by that. For OSX, there is no problems.
I know, there are HMAC ports for Swift, but my challenge is to try to enable Swift to use CommonCrypto safely.
I have implemented this project using this approach and works fine!
My question is, how possible is to create and use use modules like CommonCrypto in Swift frameworks safely for iOS?
Looking at the documentation from Apple, the suggestion for said error is to make sure that the option of using "Require Only App-Extension-Safe API" is checked.
To configure an app extension target to use an embedded framework, set the target’s “Require Only App-Extension-Safe API” build setting to Yes. If you don’t, Xcode reminds you to do so by displaying the warning “linking against dylib not safe for use in application extensions”.
Here's the full documentation on extensions
It is also worth noting that parts of the CommonCrypto API might not be available, as per this discussion