CHANGE: replaced the old ECDH and `ECDSA implementation with code f…

…rom `mbedTLS`
Oldes · Jan 18, 2022 · f46f9ba · f46f9ba
1 parent d6db6f5
commit f46f9ba
Show file tree

Hide file tree

Showing 28 changed files with 15,086 additions and 156 deletions.
diff --git a/make/rebol3.nest b/make/rebol3.nest
@@ -458,16 +458,19 @@ include-cryptography: [
 	core-files: [
 		%core/n-crypt.c
 		%core/u-aes.c 
-		%core/u-bigint.c ;needed for RSA abd DH which is needed in TLS protocol (HTTPS)
+		;%core/deprecated/u-bigint.c ;needed for RSA abd DH which is needed in TLS protocol (HTTPS)
 		%core/u-chacha20.c
-		%core/u-dh.c
+		;%core/deprecated/u-dh.c
 		%core/u-poly1305.c
 		%core/u-rc4.c
 		;%core/deprecated/u-rsa.c
-		%core/u-uECC.c
+		;%core/deprecated/u-uECC.c
 
 		%core/p-crypt.c
 		%core/mbedtls/aes.c
+		%core/mbedtls/asn1parse.c
+		%core/mbedtls/asn1write.c
+		%core/mbedtls/dhm.c
 		%core/mbedtls/md.c
 		%core/mbedtls/oid.c
 		%core/mbedtls/bignum.c
@@ -477,6 +480,10 @@ include-cryptography: [
 		%core/mbedtls/ctr_drbg.c
 		%core/mbedtls/entropy.c
 		%core/mbedtls/entropy_poll.c
+		%core/mbedtls/ecdh.c
+		%core/mbedtls/ecdsa.c
+		%core/mbedtls/ecp.c
+		%core/mbedtls/ecp_curves.c
 	]
 	:include-codec-crt
 	:include-codec-der

diff --git a/src/boot/sysobj.reb b/src/boot/sysobj.reb
@@ -61,6 +61,21 @@ catalog: object [
 	]
 	checksums: [adler32 crc24 crc32 tcp md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd160]
 	compressions: [gzip deflate zlib lzma crush]
+	elliptic-curves: [
+		secp192r1      ; 192-bit curve defined by FIPS 186-4 and SEC1
+		secp224r1      ; 224-bit curve defined by FIPS 186-4 and SEC1
+		secp256r1      ; 256-bit curve defined by FIPS 186-4 and SEC1
+		secp384r1      ; 384-bit curve defined by FIPS 186-4 and SEC1
+		secp521r1      ; 521-bit curve defined by FIPS 186-4 and SEC1
+		bp256r1        ; 256-bit Brainpool curve
+		bp384r1        ; 384-bit Brainpool curve
+		bp512r1        ; 512-bit Brainpool curve
+		curve25519     ; Curve25519
+		secp192k1      ; 192-bit "Koblitz" curve
+		secp224k1      ; 224-bit "Koblitz" curve
+		secp256k1      ; 256-bit "Koblitz" curve
+		curve448       ; Curve448
+	]
 ]
 
 contexts: construct [
@@ -267,6 +282,12 @@ standard: object [
 		method: none
 	]
 
+	port-spec-crypt: make port-spec-head [
+		scheme: 'crypt
+		algorithm: 'aes
+    	direction: 'encrypt
+	]
+
 	port-spec-midi: make port-spec-head [
 		scheme:    'midi
 		device-in:  

diff --git a/src/boot/words.reb b/src/boot/words.reb
@@ -288,4 +288,20 @@ msdos-datetime
 msdos-date
 msdos-time
 octal-bytes
-string-bytes
+string-bytes
+
+; group IDs for Elliptic Curves over GF(P) (ECP)
+; (in the same order as mbedTLS's `mbedtls_ecp_group_id` enumeration)
+secp192r1      ; 192-bit curve defined by FIPS 186-4 and SEC1
+secp224r1      ; 224-bit curve defined by FIPS 186-4 and SEC1
+secp256r1      ; 256-bit curve defined by FIPS 186-4 and SEC1
+secp384r1      ; 384-bit curve defined by FIPS 186-4 and SEC1
+secp521r1      ; 521-bit curve defined by FIPS 186-4 and SEC1
+bp256r1        ; 256-bit Brainpool curve
+bp384r1        ; 384-bit Brainpool curve
+bp512r1        ; 512-bit Brainpool curve
+curve25519     ; Curve25519
+secp192k1      ; 192-bit "Koblitz" curve
+secp224k1      ; 224-bit "Koblitz" curve
+secp256k1      ; 256-bit "Koblitz" curve
+curve448       ; Curve448
diff --git a/src/core/u-uECC.c → src/core/deprecated/u-uECC.c b/src/core/u-uECC.c → src/core/deprecated/u-uECC.c