FEAT: added support for authentication in GCM (Galois/Counter mode) cipher mode

Author: Oldes

src/core/p-crypt.c

@@ -336,6 +336,7 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 		if (ctx->cipher_ctx == NULL)
 			ctx->cipher_ctx = malloc(sizeof(mbedtls_gcm_context));
 		mbedtls_gcm_init((mbedtls_gcm_context *)ctx->cipher_ctx);
+		ctx->cipher_mode = MBEDTLS_MODE_GCM;
 		switch (type) {
 		case SYM_AES_128_GCM:
 		case SYM_ARIA_128_GCM:
@@ -494,8 +495,6 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 
 	*olen = 0;
 
-	if (len == 0) return 0;
-
 	bin = ctx->buffer;
 	blk = ctx->cipher_block_size;
 
@@ -610,6 +609,14 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 #endif
 	{
 		size_t out_bytes = 0;
+
+		if (ctx->state == CRYPT_PORT_NO_DATA && ctx->aad_len) {
+			if (len < ctx->aad_len) return 1;
+			err = mbedtls_gcm_update_ad((mbedtls_gcm_context *)ctx->cipher_ctx, input, ctx->aad_len);
+			if (err) return err;
+			input += ctx->aad_len;
+			len -= ctx->aad_len;
+		}
 		err = mbedtls_gcm_update((mbedtls_gcm_context *)ctx->cipher_ctx, input, len, BIN_TAIL(bin), len, &out_bytes);
 		if (err) return err;
 		SERIES_TAIL(bin) += out_bytes;
@@ -876,7 +883,7 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 	REBSER* bin;
 	REBCNT  len, ofs, blk;
 	REBINT  ret = CRYPT_OK;
-	REBCNT  olen = 0;
+	size_t  olen = 0;
 
 	bin = ctx->buffer;
 
@@ -910,6 +917,19 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 		ret = Crypt_Crypt(ctx, ctx->unprocessed_data, blk, &olen);
 		ctx->unprocessed_len = 0;
 	}
+	if (ctx->tag_len) {
+		#ifdef MBEDTLS_GCM_C
+		if (ctx->cipher_mode == MBEDTLS_MODE_GCM) {
+			// compute tag
+			Extend_Series(bin, ctx->tag_len);
+			ret = mbedtls_gcm_finish((mbedtls_gcm_context*)ctx->cipher_ctx, NULL, 0, &olen, BIN_TAIL(bin), ctx->tag_len);
+			if (ret) return ret;
+			SERIES_TAIL(bin) += ctx->tag_len;
+			ctx->state = CRYPT_PORT_FINISHED;
+		}
+		#endif
+	}
+
 	return ret;
 }
 
@@ -923,13 +943,19 @@ static void free_crypt_cipher_context(CRYPT_CTX *ctx);
 	REBCNT blk, olen;
 	REBCNT unprocessed_free;
 
-	if (len == 0) return 0;
-
 	if (ctx->state == CRYPT_PORT_NEEDS_INIT) {
 		ret = Crypt_Init(ctx);
 		if (ret) return ret;
 	}
 
+	if (len == 0) {
+		// it is valid to encrypt empty message
+		if (ctx->cipher_mode == MBEDTLS_MODE_GCM) {
+			ret = Crypt_Crypt(ctx, input, 0, &olen);
+		}
+		return ret;
+	}
+
 	blk = ctx->cipher_block_size;
 	if (blk > MBEDTLS_MAX_BLOCK_LENGTH) return CRYPT_ERROR_BAD_BLOCK_SIZE;
 

src/tests/run-tests.r3

@@ -73,6 +73,8 @@ dt [ ;- delta time
 		%units/crypt-test.r3
 		%units/crypt-port-test.r3
 		%units/crypt-port-camelia-test.r3
+		%units/crypt-port-ccm-test.r3
+		%units/crypt-port-gcm-test.r3
 		%units/poly1305-test.r3
 		%units/rc4-test.r3
 		%units/rsa-test.r3