<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi team,<br><br>I am digging on the CommonCrypto API and I found some issues. Specifically:<br><br>a) GCM mode for AES symmetric encryption is part of a private API. See [1] the public interface of the current definitions of supported modes of operation. 'kCCModeGCM' is missing _although_ digging on the source code of the apple's web site it is defined in [2] 'private' (The file is included from a private interface here [3]). Also here is the implementation of the GCM mode in [4] and test cases that exercise it [5]. Not sure why Apple left it out in public. On my search, one area in which they use this mode is on the KeyChain from iOS 5 onwards, see 'KeyChain' section here [6]<br><br>b) Generation of asymmetric ECC keys and encryption is supported by CommonCrypto but _again_ under a private interface, see [7] and [8]. ECC is used in the protection class 'NSFileProtectionCompleteUnlessOpen' according to the iOS Security doc here [9]. In the meeting there was a plan B for it, RSA with Diffie Hellman. I am looking at it, but to my current knowledge is supported if you trust the apple docs here [10] <br><br>My worry is how can we proceed with the first issue.<br><br>As a side note, during my search I discovered Crypto++ [11] , which seems to offer many of the features we are trying to support. Con is a C++ interface although an iOS distribution of it exists (see [12]), and there is an iOS wiki page in the library home page [13]. Needs more research.<br><br>Thanks,<br>Christos<br><br><br>[1] <a href="https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L667">https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L667</a><br>[2] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptorSPI.h#L70">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptorSPI.h#L70</a><br>[3] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptoPriv.h">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptoPriv.h</a><br>[4] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonGCMCryptor.c">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonGCMCryptor.c</a><br>[5] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegression/CommonCrypto/CommonCryptoSymGCM.c">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegression/CommonCrypto/CommonCryptoSymGCM.c</a><br>[6] <a href="http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates">http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates</a><br>[7] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonECCryptor.h">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonECCryptor.h</a><br>[8] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonECCryptor.c">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonECCryptor.c</a><br>[9] <a href="http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf">http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf</a><br>[10]<a href="https://developer.apple.com/library/ios/documentation/security/conceptual/cryptoservices/CryptographyConcepts/CryptographyConcepts.html#//apple_ref/doc/uid/TP40011172-CH8-CHDCCDIA">https://developer.apple.com/library/ios/documentation/security/conceptual/cryptoservices/CryptographyConcepts/CryptographyConcepts.html#//apple_ref/doc/uid/TP40011172-CH8-CHDCCDIA</a><br>[11] <a href="http://www.cryptopp.com/">http://www.cryptopp.com</a><br>[12] <a href="https://github.com/noloader/cryptopp-5.6.2-ios">https://github.com/noloader/cryptopp-5.6.2-ios</a><br>[13] <a href="http://www.cryptopp.com/wiki/IOS_(Xcode)">http://www.cryptopp.com/wiki/IOS_(Xcode)</a></body></html>