[aerogear-dev] iOS Crypto findings

Hi team, I am digging on the CommonCrypto API and I found some issues. Specifically: a) GCM mode for AES symmetric encryption is part of a private API. See [1] the public interface of the current definitions of supported modes of operation. 'kCCModeGCM' is missing _although_ digging on the source code of the apple's web site it is defined in [2] 'private' (The file is included from a private interface here [3]). Also here is the implementation of the GCM mode in [4] and test cases that exercise it [5]. Not sure why Apple left it out in public. On my search, one area in which they use this mode is on the KeyChain from iOS 5 onwards, see 'KeyChain' section here [6] b) Generation of asymmetric ECC keys and encryption is supported by CommonCrypto but _again_ under a private interface, see [7] and [8]. ECC is used in the protection class 'NSFileProtectionCompleteUnlessOpen' according to the iOS Security doc here [9]. In the meeting there was a plan B for it, RSA with Diffie Hellman. I am looking at it, but to my current knowledge is supported if you trust the apple docs here [10] My worry is how can we proceed with the first issue. As a side note, during my search I discovered Crypto++ [11] , which seems to offer many of the features we are trying to support. Con is a C++ interface although an iOS distribution of it exists (see [12]), and there is an iOS wiki page in the library home page [13]. Needs more research. Thanks, Christos [1] https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-... [2] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/Comm... [3] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/Comm... [4] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/... [5] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegressio... [6] http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates [7] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/Comm... [8] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/... [9] http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf [10]https://developer.apple.com/library/ios/documentation/security/concept... [11] http://www.cryptopp.com [12] https://github.com/noloader/cryptopp-5.6.2-ios [13] http://www.cryptopp.com/wiki/IOS_(Xcode)