I am using rsaEncryptionOAEPSHA256AESGCM to encrypt some data using SecKeyCreateEncryptedData on iOS and then decrypting the same data on backend in golang. I am using a 3072 bit rsa public key to encrypt the symmetric key. When I get the data from iOS to backend, I am successfully able to decrypt the symmetric key but the gcm tag verification fails. I am using the same 16-byte IV that iOS uses but have no idea if iOS is using any aad(additional authentication data) when encrypting. Does anyone know if rsaEncryptionOAEPSHA256AESGCM for iOS uses some aad? This is for iOS 10+.
I have already tried using nil, empty 16 byte array, the aes key itself, nonce as the aad but none of these worked.
In Swift:
private let algorithm = SecKeyAlgorithm.rsaEncryptionOAEPSHA256AESGCM
// Key is 3072 bit RSA public key
// API doesnt take any aad
SecKeyCreateEncryptedData(key, algorithm, cfData, &error)
In Golang:
c, err := aes.NewCipher(aesKey)
gcm, err := cipher.NewGCMWithNonceSize(c, 16)
nonce := make([]byte, 16)
// Data has both the ciphertext and the gcm tag as the last 16 bytes
// Last field in the api is the aad
dec, err := gcm.Open(nil, nonce, data, nil)
This is the error I see in golang "cipher: message authentication failed" and the error is thrown from the code which validates the gcm tag.