FEAT: added support for GCM (Galois/Counter Mode) cipher mode

Author: Oldes

make/rebol3.nest

@@ -464,14 +464,6 @@ include-cipher-aria: [
 	core-files: %core/mbedtls/aria.c
 	config: MBEDTLS_ARIA_C
 ]
-include-cipher-gcm: [
-	core-files: %core/mbedtls/gcm.c
-	config: MBEDTLS_GCM_C
-]
-include-cipher-cbc: [
-	; costs cca 1.5kB uncompressed (for AES)
-	config: MBEDTLS_CIPHER_MODE_CBC
-]
 include-cipher-chacha20: [
 	; costs cca 3kB uncompressed
 	core-files: %core/mbedtls/chacha20.c
@@ -483,16 +475,27 @@ include-cipher-chachapoly: [
 	config: MBEDTLS_CHACHAPOLY_C
 	config: MBEDTLS_POLY1305_C
 ]
+include-cipher-mode-gcm: [
+	core-files: %core/mbedtls/gcm.c
+	; GCM runs with multiple ciphers and internally uses the generic wrapper
+	core-files: %core/mbedtls/cipher.c
+	core-files: %core/mbedtls/cipher_wrap.c
+	config: MBEDTLS_GCM_C
+]
+include-cipher-mode-cbc: [
+	; costs cca 1.5kB uncompressed (for AES)
+	config: MBEDTLS_CIPHER_MODE_CBC
+]
 
-include-cipher-aes-deprecated: [
+include-deprecated-cipher-aes: [
 	; costs cca 5kB uncompressed
 	config: INCLUDE_AES_DEPRECATED
 	include: %src/include/deprecated/
 	core-files: %core/deprecated/u-aes.c
 	core-files: %core/deprecated/n-crypt-aes.c
 ]
 
-include-cipher-chacha20-deprecated: [
+include-deprecated-cipher-chacha20: [
 	; costs cca 10kB uncompressed
 	config: INCLUDE_CHACHA20POLY1305_DEPRECATED
 	include: %src/include/deprecated/
@@ -537,8 +540,6 @@ include-curves-x: [
 	config: MBEDTLS_ECP_DP_CURVE448_ENABLED    ; costs 7.6kB; together with CURVE25519 8.1!
 ]
 
-
-
 include-cryptography: [
 	; so far cca 183kB uncompressed (basic AES, all ellyptic curves, rsa, rc4, bignum, entropy )
 	config: INCLUDE_CRYPTOGRAPHY
@@ -570,9 +571,6 @@ include-cryptography: [
 		%core/mbedtls/ecdsa.c
 		%core/mbedtls/ecp.c
 		%core/mbedtls/ecp_curves.c
-
-	;	%core/mbedtls/cipher.c
-	;	%core/mbedtls/cipher_wrap.c
 	]
 
 	:include-curves-sec1
@@ -585,12 +583,13 @@ include-cryptography: [
 
 	:include-cipher-aria
 	:include-cipher-camelia
-	:include-cipher-cbc
-	;:include-cipher-gcm
 	:include-cipher-chacha20
 	:include-cipher-chachapoly
-	:include-cipher-chacha20-deprecated
-	:include-cipher-aes-deprecated
+	:include-cipher-mode-cbc
+	:include-cipher-mode-gcm
+
+	:include-deprecated-cipher-chacha20
+	:include-deprecated-cipher-aes
 
 	:include-codec-crt
 	:include-codec-der

src/boot/words.reb

@@ -3,6 +3,7 @@ REBOL [
 	Title: "Canonical words"
 	Rights: {
 		Copyright 2012 REBOL Technologies
+		Copyright 2012-2022 Rebol Open Source Contributors
 		REBOL is a trademark of REBOL Technologies
 	}
 	License: {
@@ -314,17 +315,26 @@ aes-256-ecb
 aes-128-cbc
 aes-192-cbc
 aes-256-cbc
+aes-128-gcm
+aes-192-gcm
+aes-256-gcm
 camellia-128-ecb
 camellia-192-ecb
 camellia-256-ecb
 camellia-128-cbc
 camellia-192-cbc
 camellia-256-cbc
+camellia-128-gcm
+camellia-192-gcm
+camellia-256-gcm
 aria-128-ecb
 aria-192-ecb
 aria-256-ecb
 aria-128-cbc
 aria-192-cbc
 aria-256-cbc
+aria-128-gcm
+aria-192-gcm
+aria-256-gcm
 chacha20
 chacha20-poly1305

src/core/n-crypt.c

@@ -3,7 +3,7 @@
 **  REBOL [R3] Language Interpreter and Run-time Environment
 **
 **  Copyright 2012 REBOL Technologies
-**  Copyright 2012-2021 Rebol Open Source Contributors
+**  Copyright 2012-2022 Rebol Open Source Contributors
 **  REBOL is a trademark of REBOL Technologies
 **
 **  Licensed under the Apache License, Version 2.0 (the "License");
@@ -91,6 +91,11 @@ static mbedtls_ctr_drbg_context ctr_drbg;
 			add_ec_word(SYM_AES_192_CBC)
 			add_ec_word(SYM_AES_256_CBC)
 		#endif
+		#ifdef MBEDTLS_GCM_C
+			add_ec_word(SYM_AES_128_GCM)
+			add_ec_word(SYM_AES_192_GCM)
+			add_ec_word(SYM_AES_256_GCM)
+		#endif
 		#ifdef MBEDTLS_CAMELLIA_C
 			add_ec_word(SYM_CAMELLIA_128_ECB)
 			add_ec_word(SYM_CAMELLIA_192_ECB)
@@ -100,6 +105,11 @@ static mbedtls_ctr_drbg_context ctr_drbg;
 			add_ec_word(SYM_CAMELLIA_192_CBC)
 			add_ec_word(SYM_CAMELLIA_256_CBC)
 		#endif
+		#ifdef MBEDTLS_GCM_C
+			add_ec_word(SYM_CAMELLIA_128_GCM)
+			add_ec_word(SYM_CAMELLIA_192_GCM)
+			add_ec_word(SYM_CAMELLIA_256_GCM)
+		#endif
 		#endif
 		#ifdef MBEDTLS_ARIA_C
 		add_ec_word(SYM_ARIA_128_ECB)
@@ -110,6 +120,11 @@ static mbedtls_ctr_drbg_context ctr_drbg;
 		add_ec_word(SYM_ARIA_192_CBC)
 		add_ec_word(SYM_ARIA_256_CBC)
 		#endif
+		#ifdef MBEDTLS_GCM_C
+		add_ec_word(SYM_ARIA_128_GCM)
+		add_ec_word(SYM_ARIA_192_GCM)
+		add_ec_word(SYM_ARIA_256_GCM)
+		#endif
 		#endif
 		#ifdef MBEDTLS_CHACHA20_C
 			add_ec_word(SYM_CHACHA20)

src/core/p-crypt.c

@@ -255,6 +255,37 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 		ctx->cipher_block_size = 16;
 		break;
 
+#ifdef MBEDTLS_GCM_C
+	case SYM_AES_128_GCM:
+	case SYM_AES_192_GCM:
+	case SYM_AES_256_GCM:
+#ifdef MBEDTLS_CAMELLIA_C
+	case SYM_CAMELLIA_128_GCM:
+	case SYM_CAMELLIA_192_GCM:
+	case SYM_CAMELLIA_256_GCM:
+#endif
+#ifdef MBEDTLS_ARIA_C
+	case SYM_ARIA_128_GCM:
+	case SYM_ARIA_192_GCM:
+	case SYM_ARIA_256_GCM:
+#endif
+		if (ctx->cipher_ctx == NULL)
+			ctx->cipher_ctx = malloc(sizeof(mbedtls_gcm_context));
+		mbedtls_gcm_init((mbedtls_gcm_context *)ctx->cipher_ctx);
+		switch (type) {
+		case SYM_AES_128_GCM:
+		case SYM_ARIA_128_GCM:
+		case SYM_CAMELLIA_128_GCM: ctx->key_bitlen = 128; break;
+		case SYM_AES_192_GCM:
+		case SYM_ARIA_192_GCM:
+		case SYM_CAMELLIA_192_GCM: ctx->key_bitlen = 192; break;
+		case SYM_AES_256_GCM:
+		case SYM_ARIA_256_GCM:
+		case SYM_CAMELLIA_256_GCM: ctx->key_bitlen = 256; break;
+		}
+		ctx->cipher_block_size = 0;
+		break;
+#endif
 
 #ifdef MBEDTLS_CAMELLIA_C
 	case SYM_CAMELLIA_128_ECB:
@@ -442,6 +473,30 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 		break;
 #endif
 
+#ifdef MBEDTLS_GCM_C
+	case SYM_AES_128_GCM:
+	case SYM_AES_192_GCM:
+	case SYM_AES_256_GCM:
+#ifdef MBEDTLS_CAMELLIA_C
+	case SYM_CAMELLIA_128_GCM:
+	case SYM_CAMELLIA_192_GCM:
+	case SYM_CAMELLIA_256_GCM:
+#endif
+#ifdef MBEDTLS_ARIA_C
+	case SYM_ARIA_128_GCM:
+	case SYM_ARIA_192_GCM:
+	case SYM_ARIA_256_GCM:
+#endif
+	{
+		size_t out_bytes = 0;
+		err = mbedtls_gcm_update((mbedtls_gcm_context *)ctx->cipher_ctx, input, len, BIN_TAIL(bin), len, &out_bytes);
+		if (err) return err;
+		SERIES_TAIL(bin) += out_bytes;
+		input += out_bytes;
+		break;
+	}
+#endif
+
 #ifdef MBEDTLS_CAMELLIA_C
 	case SYM_CAMELLIA_128_ECB:
 	case SYM_CAMELLIA_192_ECB:
@@ -571,6 +626,29 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 		}
 		break;
 
+	#ifdef MBEDTLS_GCM_C
+	case SYM_AES_128_GCM:
+	case SYM_AES_192_GCM:
+	case SYM_AES_256_GCM:
+	#ifdef MBEDTLS_CAMELLIA_C
+	case SYM_CAMELLIA_128_GCM:
+	case SYM_CAMELLIA_192_GCM:
+	case SYM_CAMELLIA_256_GCM:
+	#endif
+	#ifdef MBEDTLS_ARIA_C
+	case SYM_ARIA_128_GCM:
+	case SYM_ARIA_192_GCM:
+	case SYM_ARIA_256_GCM:
+	#endif
+	{
+		mbedtls_gcm_context *gcm = (mbedtls_gcm_context *)ctx->cipher_ctx;
+		err = mbedtls_gcm_setkey(gcm, MBEDTLS_CIPHER_ID_AES, ctx->key, ctx->key_bitlen);
+		if (err) return err;
+		err = mbedtls_gcm_starts(gcm, ctx->operation, ctx->IV, 16);
+		ctx->unprocessed_len = 0;
+		break;
+	}
+	#endif
 
 	#ifdef MBEDTLS_CAMELLIA_C
 	case SYM_CAMELLIA_128_ECB:
@@ -692,6 +770,7 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 		// we have enough data to call crypt
 		Crypt_Crypt(ctx, input, len, &olen);
 		if (olen > len) return CRYPT_ERROR_BAD_PROCESSED_SIZE;
+		input += olen;
 		len -= olen;
 	}
 	// test if there are some unprocessed data

src/include/sys-crypt.h

@@ -3,6 +3,7 @@
 **  REBOL [R3] Language Interpreter and Run-time Environment
 **
 **  Copyright 2012 REBOL Technologies
+**  Copyright 2012-2022 Rebol Open Source Contributors
 **  REBOL is a trademark of REBOL Technologies
 **
 **  Licensed under the Apache License, Version 2.0 (the "License");
@@ -61,6 +62,10 @@ typedef mbedtls_chachapoly_context CHACHAPOLY_CTX;
 #define CHACHAPOLY_STATE_CIPHERTEXT (2)
 #endif
 
+#ifdef MBEDTLS_GCM_C
+#include "mbedtls/gcm.h"
+#endif
+
 
 typedef mbedtls_rsa_context   RSA_CTX;
 typedef mbedtls_dhm_context   DHM_CTX;