[aerogear-dev] iOS Crypto findings

Corinne Krych corinnekrych at gmail.com
Fri Oct 11 05:24:47 EDT 2013 

Hi All,

Discussing with iOS team with all possible options taking into account OS licenses and encryption algorithms coverage, we'd like to move forward investigating openSSL srtarting with this interesting entry point:
> https://github.com/x2on/OpenSSL-for-iPhone


We'll tell you more soon. 
++
Corinne.

On Oct 10, 2013, at 9:36 PM, Corinne Krych <corinnekrych at gmail.com> wrote:

> According to 
> https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L669
> CBC is supported. 
> 
> Maybe it's worth investigating OpenSSL vs PolarSSL iOS support.
> Interesting work dto dig further
> https://github.com/x2on/OpenSSL-for-iPhone
> http://x2on.de/2010/12/16/tutorial-script-for-building-openssl-for-ios-iphoneipad/
> or
> https://github.com/x2on/PolarSSL-for-iOS
> 
> ++
> Corinne
> 
> On Oct 10, 2013, at 8:39 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> 
>> Aloha, looks like Apple wants to hide all the good crypto! Have you got
>> the chance to look at this? https://github.com/rnapier/RNCryptor I also
>> see some developers using OpenSSL as an alternative. My suggestion:
>> 
>> a) If you think this item is tricky to implement atm consider AES with
>> CBC or AES with CCM (We can support it on the server if necessary). I
>> was trying to find which modes is currently supported but looks like the
>> documentation is super safe, because I can't find it
>> 
>> b) It can be done with OpenSSL in the worst case scenario (not saying is
>> a piece of cake to do, just possible). Let's start simple first.
>> 
>> Regarding http://www.cryptopp.com/ looks like they have all that we
>> need, maybe worth to take a look at this. What do you think? Off the top
>> of my head I only can see 3 alternatives:
>> 
>> 1- Implement encryption with what CommonCrypto provides
>> 2- Try cryptopp or another alternative
>> 3- Implement it with OpenSSL. For example SilentCircle make use of
>> PolarSSL
>> https://github.com/SilentCircle/silent-phone-base/tree/master/libs. I'm
>> not saying to do the same, just an example.
>> 
>>> Christos Vasilakis <mailto:cvasilak at gmail.com>
>>> October 10, 2013 2:29 PM
>>> Hi team,
>>> 
>>> I am digging on the CommonCrypto API and I found some issues.
>>> Specifically:
>>> 
>>> a)  GCM mode for AES symmetric encryption is part of a private API.
>>> See [1] the public interface of the current definitions of supported
>>> modes of operation. 'kCCModeGCM' is missing _although_ digging on the
>>> source code of the apple's web site it is defined in [2]  'private'
>>> (The file is included from a private interface here [3]).  Also here
>>> is the implementation of the GCM mode in [4] and test cases that
>>> exercise it [5]. Not sure why Apple left it out in public. On my
>>> search, one area in which they use this mode is on the KeyChain from
>>> iOS 5 onwards, see 'KeyChain' section here [6]
>>> 
>>> b) Generation of asymmetric  ECC keys and encryption is supported by
>>> CommonCrypto but _again_ under a private interface, see [7] and [8].
>>> ECC is used in the protection class
>>> 'NSFileProtectionCompleteUnlessOpen' according to the iOS Security doc
>>> here [9]. In the meeting there was a plan B for it, RSA with Diffie
>>> Hellman. I am looking at it, but to my current knowledge is supported
>>> if you trust the apple docs here [10] 
>>> 
>>> My worry is how can we proceed with the first issue.
>>> 
>>> As a side note, during my search I discovered Crypto++ [11] , which
>>> seems to offer many of the features we are trying to support. Con is a
>>> C++ interface although an iOS distribution of it exists (see [12]),
>>> and there is an iOS wiki page in the library home page [13].  Needs
>>> more research.
>>> 
>>> Thanks,
>>> Christos
>>> 
>>> 
>>> [1] https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L667
>>> [2] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptorSPI.h#L70
>>> [3] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptoPriv.h
>>> [4] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonGCMCryptor.c
>>> [5] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegression/CommonCrypto/CommonCryptoSymGCM.c
>>> [6] http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates
>>> [7] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonECCryptor.h
>>> [8] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonECCryptor.c
>>> [9] http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf
>>> [10]https://developer.apple.com/library/ios/documentation/security/conceptual/cryptoservices/CryptographyConcepts/CryptographyConcepts.html#//apple_ref/doc/uid/TP40011172-CH8-CHDCCDIA
>>> [11] http://www.cryptopp.com <http://www.cryptopp.com/>
>>> [12] https://github.com/noloader/cryptopp-5.6.2-ios
>>> [13] http://www.cryptopp.com/wiki/IOS_(Xcode)
>>> <http://www.cryptopp.com/wiki/IOS_%28Xcode%29>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> 
>> -- 
>> abstractj
>> 
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>

More information about the aerogear-dev mailing list