[aerogear-dev] iOS Crypto findings
Corinne Krych
corinnekrych at gmail.com
Thu Oct 10 15:36:17 EDT 2013
According to
https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L669
CBC is supported.
Maybe it's worth investigating OpenSSL vs PolarSSL iOS support.
Interesting work dto dig further
https://github.com/x2on/OpenSSL-for-iPhone
http://x2on.de/2010/12/16/tutorial-script-for-building-openssl-for-ios-iphoneipad/
or
https://github.com/x2on/PolarSSL-for-iOS
++
Corinne
On Oct 10, 2013, at 8:39 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> Aloha, looks like Apple wants to hide all the good crypto! Have you got
> the chance to look at this? https://github.com/rnapier/RNCryptor I also
> see some developers using OpenSSL as an alternative. My suggestion:
>
> a) If you think this item is tricky to implement atm consider AES with
> CBC or AES with CCM (We can support it on the server if necessary). I
> was trying to find which modes is currently supported but looks like the
> documentation is super safe, because I can't find it
>
> b) It can be done with OpenSSL in the worst case scenario (not saying is
> a piece of cake to do, just possible). Let's start simple first.
>
> Regarding http://www.cryptopp.com/ looks like they have all that we
> need, maybe worth to take a look at this. What do you think? Off the top
> of my head I only can see 3 alternatives:
>
> 1- Implement encryption with what CommonCrypto provides
> 2- Try cryptopp or another alternative
> 3- Implement it with OpenSSL. For example SilentCircle make use of
> PolarSSL
> https://github.com/SilentCircle/silent-phone-base/tree/master/libs. I'm
> not saying to do the same, just an example.
>
>> Christos Vasilakis <mailto:cvasilak at gmail.com>
>> October 10, 2013 2:29 PM
>> Hi team,
>>
>> I am digging on the CommonCrypto API and I found some issues.
>> Specifically:
>>
>> a) GCM mode for AES symmetric encryption is part of a private API.
>> See [1] the public interface of the current definitions of supported
>> modes of operation. 'kCCModeGCM' is missing _although_ digging on the
>> source code of the apple's web site it is defined in [2] 'private'
>> (The file is included from a private interface here [3]). Also here
>> is the implementation of the GCM mode in [4] and test cases that
>> exercise it [5]. Not sure why Apple left it out in public. On my
>> search, one area in which they use this mode is on the KeyChain from
>> iOS 5 onwards, see 'KeyChain' section here [6]
>>
>> b) Generation of asymmetric ECC keys and encryption is supported by
>> CommonCrypto but _again_ under a private interface, see [7] and [8].
>> ECC is used in the protection class
>> 'NSFileProtectionCompleteUnlessOpen' according to the iOS Security doc
>> here [9]. In the meeting there was a plan B for it, RSA with Diffie
>> Hellman. I am looking at it, but to my current knowledge is supported
>> if you trust the apple docs here [10]
>>
>> My worry is how can we proceed with the first issue.
>>
>> As a side note, during my search I discovered Crypto++ [11] , which
>> seems to offer many of the features we are trying to support. Con is a
>> C++ interface although an iOS distribution of it exists (see [12]),
>> and there is an iOS wiki page in the library home page [13]. Needs
>> more research.
>>
>> Thanks,
>> Christos
>>
>>
>> [1] https://gist.github.com/cvasilak/b967893655a04cbe5b7b#file-gistfile1-txt-L667
>> [2] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptorSPI.h#L70
>> [3] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonCryptoPriv.h
>> [4] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonGCMCryptor.c
>> [5] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/CCRegression/CommonCrypto/CommonCryptoSymGCM.c
>> [6] http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates
>> [7] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/CommonCryptoSPI/CommonECCryptor.h
>> [8] https://github.com/Apple-FOSS-Mirror/CommonCrypto/blob/master/Source/API/CommonECCryptor.c
>> [9] http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf
>> [10]https://developer.apple.com/library/ios/documentation/security/conceptual/cryptoservices/CryptographyConcepts/CryptographyConcepts.html#//apple_ref/doc/uid/TP40011172-CH8-CHDCCDIA
>> [11] http://www.cryptopp.com <http://www.cryptopp.com/>
>> [12] https://github.com/noloader/cryptopp-5.6.2-ios
>> [13] http://www.cryptopp.com/wiki/IOS_(Xcode)
>> <http://www.cryptopp.com/wiki/IOS_%28Xcode%29>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> --
> abstractj
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list