Stop using private CommonCrypto APIs on iOS (#170)

**Issue:** App Store submissions are being rejected due to use of non-public CommonCrypto functions for doing AES GCM: - awslabs/aws-crt-swift#206 - aws-amplify/amplify-swift#3324 There are no public APIs for doing AES GCM via CommonCrypto **Description of changes:** Remove the code for doing AES GCM (via non-public CommonCrypto functions) on iOS, watchOS, etc
awslabs · Oct 30, 2023 · 5bc0d63 · 5bc0d63
1 parent 033a132
commit 5bc0d63
Showing 1 changed file with 48 additions and 17 deletions.
diff --git a/source/darwin/commoncrypto_aes.c b/source/darwin/commoncrypto_aes.c
@@ -9,11 +9,20 @@
 #include <CommonCrypto/CommonHMAC.h>
 #include <CommonCrypto/CommonSymmetricKeywrap.h>
 
-#include "common_cryptor_spi.h"
-
-#if (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && (__MAC_OS_X_VERSION_MAX_ALLOWED >= 101300 /* macOS 10.13 */)) ||       \
-    (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && (__IPHONE_OS_VERSION_MAX_ALLOWED >= 110000 /* iOS v11 */))
-#    define USE_LATEST_CRYPTO_API 1
+#ifdef AWS_OS_MACOS
+/* CommonCrypto does not offer public APIs for doing AES GCM.
+ * There are private APIs for doing it (CommonCryptoSPI.h), but App Store
+ * submissions that reference these private symbols will be rejected.
+ *
+ * Therefore, enable AES GCM via the private APIs on MacOS builds only,
+ * iOS, watchOS, etc will have to do without. */
+#    define SUPPORT_AES_GCM_VIA_SPI 1
+#    include "common_cryptor_spi.h"
+
+#    if (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && (__MAC_OS_X_VERSION_MAX_ALLOWED >= 101300 /* macOS 10.13 */)) ||   \
+        (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && (__IPHONE_OS_VERSION_MAX_ALLOWED >= 110000 /* iOS v11 */))
+#        define USE_LATEST_CRYPTO_API 1
+#    endif
 #endif
 
 struct cc_aes_cipher {
@@ -353,43 +362,45 @@ struct aws_symmetric_cipher *aws_aes_ctr_256_new_impl(
     return &cc_cipher->cipher_base;
 }
 
+#ifdef SUPPORT_AES_GCM_VIA_SPI
+
 /*
  * Note that CCCryptorGCMFinal is deprecated in Mac 10.13. It also doesn't compare the tag with expected tag
  * https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60118.1.1/include/CommonCryptorSPI.h.auto.html
  */
 static CCStatus s_cc_crypto_gcm_finalize(struct _CCCryptor *encryptor_handle, uint8_t *buffer, size_t tag_length) {
-#ifdef USE_LATEST_CRYPTO_API
+#    ifdef USE_LATEST_CRYPTO_API
     if (__builtin_available(macOS 10.13, iOS 11.0, *)) {
         return CCCryptorGCMFinalize(encryptor_handle, buffer, tag_length);
     } else {
 /* We would never hit this branch for newer macOS and iOS versions because of the __builtin_available check, so we can
  * suppress the compiler warning. */
-#    pragma clang diagnostic push
-#    pragma clang diagnostic ignored "-Wdeprecated-declarations"
+#        pragma clang diagnostic push
+#        pragma clang diagnostic ignored "-Wdeprecated-declarations"
         return CCCryptorGCMFinal(encryptor_handle, buffer, &tag_length);
-#    pragma clang diagnostic pop
+#        pragma clang diagnostic pop
     }
-#else
+#    else
     return CCCryptorGCMFinal(encryptor_handle, buffer, &tag_length);
 
-#endif
+#    endif
 }
 
 static CCCryptorStatus s_cc_cryptor_gcm_set_iv(struct _CCCryptor *encryptor_handle, uint8_t *buffer, size_t length) {
-#ifdef USE_LATEST_CRYPTO_API
+#    ifdef USE_LATEST_CRYPTO_API
     if (__builtin_available(macOS 10.13, iOS 11.0, *)) {
         return CCCryptorGCMSetIV(encryptor_handle, buffer, length);
     } else {
 /* We would never hit this branch for newer macOS and iOS versions because of the __builtin_available check, so we can
  * suppress the compiler warning. */
-#    pragma clang diagnostic push
-#    pragma clang diagnostic ignored "-Wdeprecated-declarations"
+#        pragma clang diagnostic push
+#        pragma clang diagnostic ignored "-Wdeprecated-declarations"
         return CCCryptorGCMAddIV(encryptor_handle, buffer, length);
-#    pragma clang diagnostic pop
+#        pragma clang diagnostic pop
     }
-#else
+#    else
     return CCCryptorGCMAddIV(encryptor_handle, buffer, length);
-#endif
+#    endif
 }
 
 static int s_finalize_gcm_encryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out) {
@@ -581,6 +592,26 @@ struct aws_symmetric_cipher *aws_aes_gcm_256_new_impl(
     return &cc_cipher->cipher_base;
 }
 
+#else /* !SUPPORT_AES_GCM_VIA_SPI */
+
+struct aws_symmetric_cipher *aws_aes_gcm_256_new_impl(
+    struct aws_allocator *allocator,
+    const struct aws_byte_cursor *key,
+    const struct aws_byte_cursor *iv,
+    const struct aws_byte_cursor *aad,
+    const struct aws_byte_cursor *tag) {
+
+    (void)allocator;
+    (void)key;
+    (void)iv;
+    (void)aad;
+    (void)tag;
+    aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED);
+    return NULL;
+}
+
+#endif /* SUPPORT_AES_GCM_VIA_SPI */
+
 static int s_keywrap_encrypt_decrypt(
     struct aws_symmetric_cipher *cipher,
     struct aws_byte_cursor input,