wbond / oscrypto

Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
MIT License

Investigate AES GCM Mode #5

Open wbond opened 8 years ago

wbond commented 8 years ago

OpenSSL 1.0.x and CNG support AES GCM mode.

While not publicly documented on the Apple developer documentation, it appears that AES GCM is available via http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-60061/lib/CommonCryptorGCM.c. We need to figure out if these functions are exposed in /usr/lib/system/libcommonCrypto.dylib and for what versions of OS X they are available.

Unfortunately OpenSSL 0.9.8 does not support AES GCM, so there will never be a way to support it there. However, most Linux distros are on OpenSSL 1.0.x now, and OS X has its own native libraries.
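The comment above asks whether the GCM entry points are actually exported by the OS-backed libraries. The following is an added example (not oscrypto's own code) of a runtime symbol probe with `ctypes`; the symbol names in `GCM_SYMBOLS` are assumptions about the OpenSSL and CommonCrypto exports, not values taken from this issue, so treat them as candidates to verify per platform version.

```python
import ctypes
import ctypes.util
import sys

# Candidate AES-GCM entry points per backend. These names are assumptions
# (not from the issue): OpenSSL's EVP cipher constructors and the GCM
# functions implemented in CommonCrypto's CommonCryptorGCM.c.
GCM_SYMBOLS = {
    "openssl": ["EVP_aes_128_gcm", "EVP_aes_256_gcm"],
    "commoncrypto": ["CCCryptorGCMEncrypt", "CCCryptorGCMDecrypt"],
}


def probe_library(candidates, names):
    """Load the first loadable library in `candidates` and report which of
    `names` it exports as a {symbol: bool} dict, or None if nothing loads.
    ctypes raises AttributeError for an undefined symbol, which separates
    "library present but built without GCM" from "library missing"."""
    lib = None
    for cand in candidates:
        try:
            lib = ctypes.CDLL(cand)
            break
        except OSError:
            continue
    if lib is None:
        return None
    return {name: hasattr(lib, name) for name in names}


def gcm_support_report():
    """Probe the OS library an oscrypto-style backend would use on this host."""
    if sys.platform == "darwin":
        backend = "commoncrypto"
        # Path named in the issue; on newer macOS the file is served from the
        # dyld shared cache, which CDLL still resolves by this path.
        paths = ["/usr/lib/system/libcommonCrypto.dylib"]
    elif sys.platform.startswith("win"):
        # CNG selects GCM as a chaining-mode setting on the algorithm handle
        # rather than via a dedicated export, so a symbol probe is not useful.
        return {"backend": "cng", "symbols": None}
    else:
        backend = "openssl"
        # Drop a None from find_library so we never fall back to CDLL(None),
        # which would probe the interpreter process instead of libcrypto.
        paths = [p for p in (ctypes.util.find_library("crypto"), "libcrypto.so") if p]
    return {"backend": backend, "symbols": probe_library(paths, GCM_SYMBOLS[backend])}


def gcm_available(report):
    """True only when the library loaded and every candidate symbol resolved."""
    return bool(report["symbols"]) and all(report["symbols"].values())
```

Run `gcm_support_report()` on each OS version under consideration to build the support matrix the issue asks for.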

wbond commented 8 years ago

0.9.8 is EOL in just over a month, so that should not be a practical factor.

wbond commented 8 years ago

OS X 10.7 does not support GCM mode. OS X 10.7 last received a security update in September 2014 (https://support.apple.com/en-us/HT201393). As of now, it seems to account for about 5% of internet traffic (https://www.gosquared.com/global/mac/el-capitan/#launch).

While ideally 10.7 would be supported, since the encryption mode is unavailable via CommonCrypto or OpenSSL 0.9.8, there would be no way to provide it.

wbond commented 7 years ago

To update this with recent developments: GCM mode should be added, however the oldest version of each platform will be unsupported:

Generally, AES GCM isn't required for any of the crypto protocols I've been working with. For developers who do require it, they just won't be able to support users on the oldest of the supported operating systems.

Currently none of Windows XP, OS X 10.7 or OpenSSL 0.9.8 are supported by any of the respective organizations, so I don't believe this will be much of an issue.

frennkie commented 4 years ago

It would be great if AES GCM could be supported. RFC 8551 defines AES-128 GCM and AES-256 GCM as a MUST in section 2.7.

wbond commented 4 years ago

I don’t currently have a need for GCM, nor time to work on it, but would be happy to review a PR if someone spent time working on it.