<div dir="ltr">@licenses: <div>* PolarSSL is dual-licensed (GPL + commercial) --> nope<br></div><div>* the Crypto++ is licensed via Boost ( a C++ library license) </div><div><br></div><div>I am not sure if for JBoss the license is OK, but.... the ASF is OK with using that license..... (see [1] and [2]).</div>
<div>[1] <a href="http://www.apache.org/legal/resolved.html">http://www.apache.org/legal/resolved.html</a><br></div><div>[2] <a href="https://issues.apache.org/jira/browse/LEGAL-101">https://issues.apache.org/jira/browse/LEGAL-101</a></div>
<div><br></div><div>regardless the _technical_ issue is: C++ based... so the integration is odd;</div><div><br></div><div>-Matthias</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Oct 11, 2013 at 11:24 AM, Corinne Krych <span dir="ltr"><<a href="mailto:corinnekrych@gmail.com" target="_blank">corinnekrych@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi All,<br>
<br>
Discussing with iOS team with all possible options taking into account OS licenses and encryption algorithms coverage, we'd like to move forward investigating openSSL srtarting with this interesting entry point:<br>
> <a href="https://github.com/x2on/OpenSSL-for-iPhone" target="_blank">https://github.com/x2on/OpenSSL-for-iPhone</a><br>
<br>
<br>
We'll tell you more soon.<br>
++<br>
<span class="HOEnZb"><font color="#888888">Corinne.<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On Oct 10, 2013, at 9:36 PM, Corinne Krych <<a href="mailto:corinnekrych@gmail.com">corinnekrych@gmail.com</a>> wrote:<br>
<br>
> According to<br>
> <a href="https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L669" target="_blank">https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L669</a><br>
> CBC is supported.<br>
><br>
> Maybe it's worth investigating OpenSSL vs PolarSSL iOS support.<br>
> Interesting work dto dig further<br>
> <a href="https://github.com/x2on/OpenSSL-for-iPhone" target="_blank">https://github.com/x2on/OpenSSL-for-iPhone</a><br>
> <a href="http://x2on.de/2010/12/16/tutorial-script-for-building-openssl-for-ios-iphoneipad/" target="_blank">http://x2on.de/2010/12/16/tutorial-script-for-building-openssl-for-ios-iphoneipad/</a><br>
> or<br>
> <a href="https://github.com/x2on/PolarSSL-for-iOS" target="_blank">https://github.com/x2on/PolarSSL-for-iOS</a><br>
><br>
> ++<br>
> Corinne<br>
><br>
> On Oct 10, 2013, at 8:39 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br>
><br>
>> Aloha, looks like Apple wants to hide all the good crypto! Have you got<br>
>> the chance to look at this? <a href="https://github.com/rnapier/RNCryptor" target="_blank">https://github.com/rnapier/RNCryptor</a> I also<br>
>> see some developers using OpenSSL as an alternative. My suggestion:<br>
>><br>
>> a) If you think this item is tricky to implement atm consider AES with<br>
>> CBC or AES with CCM (We can support it on the server if necessary). I<br>
>> was trying to find which modes is currently supported but looks like the<br>
>> documentation is super safe, because I can't find it<br>
>><br>
>> b) It can be done with OpenSSL in the worst case scenario (not saying is<br>
>> a piece of cake to do, just possible). Let's start simple first.<br>
>><br>
>> Regarding <a href="http://www.cryptopp.com/" target="_blank">http://www.cryptopp.com/</a> looks like they have all that we<br>
>> need, maybe worth to take a look at this. What do you think? Off the top<br>
>> of my head I only can see 3 alternatives:<br>
>><br>
>> 1- Implement encryption with what CommonCrypto provides<br>
>> 2- Try cryptopp or another alternative<br>
>> 3- Implement it with OpenSSL. For example SilentCircle make use of<br>
>> PolarSSL<br>
>> <a href="https://github.com/SilentCircle/silent-phone-base/tree/master/libs" target="_blank">https://github.com/SilentCircle/silent-phone-base/tree/master/libs</a>. I'm<br>
>> not saying to do the same, just an example.<br>
>><br>
>>> Christos Vasilakis <mailto:<a href="mailto:cvasilak@gmail.com">cvasilak@gmail.com</a>><br>
>>> October 10, 2013 2:29 PM<br>
>>> Hi team,<br>
>>><br>
>>> I am digging on the CommonCrypto API and I found some issues.<br>
>>> Specifically:<br>
>>><br>
>>> a) GCM mode for AES symmetric encryption is part of a private API.<br>
>>> See [1] the public interface of the current definitions of supported<br>
>>> modes of operation. 'kCCModeGCM' is missing _although_ digging on the<br>
>>> source code of the apple's web site it is defined in [2] 'private'<br>
>>> (The file is included from a private interface here [3]). Also here<br>
>>> is the implementation of the GCM mode in [4] and test cases that<br>
>>> exercise it [5]. Not sure why Apple left it out in public. On my<br>
>>> search, one area in which they use this mode is on the KeyChain from<br>
>>> iOS 5 onwards, see 'KeyChain' section here [6]<br>
>>><br>
>>> b) Generation of asymmetric ECC keys and encryption is supported by<br>
>>> CommonCrypto but _again_ under a private interface, see [7] and [8].<br>
>>> ECC is used in the protection class<br>
>>> 'NSFileProtectionCompleteUnlessOpen' according to the iOS Security doc<br>
>>> here [9]. In the meeting there was a plan B for it, RSA with Diffie<br>
>>> Hellman. I am looking at it, but to my current knowledge is supported<br>
>>> if you trust the apple docs here [10]<br>
>>><br>
>>> My worry is how can we proceed with the first issue.<br>
>>><br>
>>> As a side note, during my search I discovered Crypto++ [11] , which<br>
>>> seems to offer many of the features we are trying to support. Con is a<br>
>>> C++ interface although an iOS distribution of it exists (see [12]),<br>
>>> and there is an iOS wiki page in the library home page [13]. Needs<br>
>>> more research.<br>
>>><br>
>>> Thanks,<br>
>>> Christos<br>
>>><br>
>>><br>
>>> [1] <a href="https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L667" target="_blank">https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L667</a><br>
>>> [2] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptorSPI.h#L70" target="_blank">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptorSPI.h#L70</a><br>
>>> [3] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptoPriv.h" target="_blank">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptoPriv.h</a><br>
>>> [4] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonGCMCryptor.c" target="_blank">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonGCMCryptor.c</a><br>
>>> [5] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegression/CommonCrypto/CommonCryptoSymGCM.c" target="_blank">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegression/CommonCrypto/CommonCryptoSymGCM.c</a><br>
>>> [6] <a href="http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates" target="_blank">http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates</a><br>
>>> [7] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonECCryptor.h" target="_blank">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonECCryptor.h</a><br>
>>> [8] <a href="https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonECCryptor.c" target="_blank">https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonECCryptor.c</a><br>
>>> [9] <a href="http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf" target="_blank">http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf</a><br>
>>> [10]<a href="https://developer.apple.com/library/ios/documentation/security/conceptual/cryptoservices/CryptographyConcepts/CryptographyConcepts.html#//apple_ref/doc/uid/TP40011172-CH8-CHDCCDIA" target="_blank">https://developer.apple.com/library/ios/documentation/security/conceptual/cryptoservices/CryptographyConcepts/CryptographyConcepts.html#//apple_ref/doc/uid/TP40011172-CH8-CHDCCDIA</a><br>
>>> [11] <a href="http://www.cryptopp.com" target="_blank">http://www.cryptopp.com</a> <<a href="http://www.cryptopp.com/" target="_blank">http://www.cryptopp.com/</a>><br>
>>> [12] <a href="https://github.com/noloader/cryptopp-5.6.2-ios" target="_blank">https://github.com/noloader/cryptopp-5.6.2-ios</a><br>
>>> [13] <a href="http://www.cryptopp.com/wiki/IOS_(Xcode)" target="_blank">http://www.cryptopp.com/wiki/IOS_(Xcode)</a><br>
>>> <<a href="http://www.cryptopp.com/wiki/IOS_%28Xcode%29" target="_blank">http://www.cryptopp.com/wiki/IOS_%28Xcode%29</a>><br>
>>> _______________________________________________<br>
>>> aerogear-dev mailing list<br>
>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>><br>
>> --<br>
>> abstractj<br>
>><br>
>><br>
>> _______________________________________________<br>
>> aerogear-dev mailing list<br>
>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
<br>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>