Support AES-GCM for iOS-like platforms #91523
Comments
ghost
added
the
|
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones Issue DetailsAES-GCM algorithm (as well as ChaCha20Poly1305) as available for macOS, powered by CryptoKit, but not on iOS. As CryptoKit is also available on iOS (iOS 13+), maybe there is an easy way to also bring support to iOS? Motivation: I am building a cross-platform app for Windows, iOS, Android & macOS. Missing support for AES-GCM on iOS forces me to either pull in an additional dependency (e.g. BouncyCastle) or use AES-CBC (which seemingly the whole internet is advising against in favor of AES-GCM)
|
|
Tagging subscribers to 'os-ios': @steveisok, @akoeplinger, @kotlarmilos Issue DetailsAES-GCM algorithm (as well as ChaCha20Poly1305) as available for macOS, powered by CryptoKit, but not on iOS. As CryptoKit is also available on iOS (iOS 13+), maybe there is an easy way to also bring support to iOS? Motivation: I am building a cross-platform app for Windows, iOS, Android & macOS. Missing support for AES-GCM on iOS forces me to either pull in an additional dependency (e.g. BouncyCastle) or use AES-CBC (which seemingly the whole internet is advising against in favor of AES-GCM)
|
|
Yes, available for macOS, but not iOS - that's why I opened this issue :) |
Yep, sorry, didn't notice 🙂 |
The last time @filipnavara and I looked in to this, there were challenges for mobile Apple platforms. This comment for ChaCha20Poly1305 summarizes things: #52482 (comment) That issue also tracks ChaCha20Poly1305 for iOS / tvOS as well. |
|
@filipnavara has the state of this changed with |
|
We discussed it in June with @akoeplinger. The current situation is that we still support iOS versions without built-in Swift. That may change in .NET 9 but nothing is set in stone yet. The old workaround to weakly link against system Swift libraries no longer works because Apple decided to move parts of swiftFoundation into Foundation framework. Thus you need to additionally tell the linker to weakly link to Foundation framework itself. It's doable but fragile and likely not worth the effort. If we are targeting .NET 9 at this point then we may as well get the necessary minimum iOS version bump and do it the proper/simple way. |
|
Cross referencing this: #91736 I believe that is the major blocker for this. Once this is addressed we can link to the swift runtime. CryptoKit is still iOS 13 though. We can use |
vcsjones
changed the title
|
Tagging subscribers to 'os-tvos': @steveisok, @akoeplinger Issue DetailsAES-GCM algorithm (as well as ChaCha20Poly1305 and AES-CCM) are available for macOS, powered by CryptoKit, but not on iOS. As CryptoKit is also available on iOS (iOS 13+), maybe there is an easy way to also bring support to iOS? Motivation: I am building a cross-platform app for Windows, iOS, Android & macOS. Missing support for AES-GCM on iOS forces me to either pull in an additional dependency (e.g. BouncyCastle) or use AES-CBC (which seemingly the whole internet is advising against in favor of AES-GCM)
|
…via CryptoKit Now that we support minimum OS versions that ship with Swift we can enable CryptoKit and pal_swiftbindings.swift. Fixes dotnet#91523
dotnet-policy-service
bot
added
the
in-pr
AES-GCM algorithm (as well as ChaCha20Poly1305 and AES-CCM) are available for macOS, powered by CryptoKit, but not on iOS.
As CryptoKit is also available on iOS (iOS 13+), maybe there is an easy way to also bring support to iOS?
Motivation: I am building a cross-platform app for Windows, iOS, Android & macOS. Missing support for AES-GCM on iOS forces me to either pull in an additional dependency (e.g. BouncyCastle) or use AES-CBC (which seemingly the whole internet is advising against in favor of AES-GCM)
NOTE: once this is implemented we should update the docs: https://github.com/dotnet/docs/blob/main/docs/standard/security/cross-platform-cryptography.md
The text was updated successfully, but these errors were encountered: