authorAndrey Andreev <narf@devilix.net>2014-07-02 18:09:08 +0200
committerAndrey Andreev <narf@devilix.net>2014-07-02 18:09:08 +0200
commitab9971f112c1394db0d0fc963d860479d3ec408b (patch)
treed1b01df4b07c54ba36cc27db333030035812294a
parent961db7dd3843ee7acba3557d4c82c2cd8ab9e937 (diff)
Remove GCM mode from CI_Encryption (OpenSSL)
While openssl_get_cipher_methods() lists 'aes-<keysize>-gcm' as supported, it appears that this is only half of the story. To be more specific, only the encryption operation of GCM is performed, and the authentication message is completely missing, rendering the whole thing useless.
-rw-r--r--system/libraries/Encryption.php5
-rw-r--r--user_guide_src/source/libraries/encryption.rst17
2 files changed, 8 insertions, 14 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index aa91cd3f9..b85d7da36 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -105,7 +105,6 @@ class CI_Encryption {
'cfb8' => 'cfb8',
'ctr' => 'ctr',
'stream' => '',
- 'gcm' => 'gcm',
'xts' => 'xts'
)
);
@@ -628,7 +627,7 @@ class CI_Encryption {
'mode' => $this->_mode,
'key' => NULL,
'base64' => TRUE,
- 'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL),
+ 'hmac_digest' => 'sha512',
'hmac_key' => NULL
)
: FALSE;
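Review bot: The default `'hmac_digest' => 'sha512'` no longer has a per-mode exception, but nothing next to it records why. A short comment such as `// No supported mode authenticates by itself, so the HMAC is on by default for all of them` would discourage a later per-mode bypass. The removed line shows that 'gcm' ciphertext was produced without an HMAC, and per the commit message it carried no authentication tag either. Any data already encrypted that way therefore has no integrity protection, and an upgrade note saying so and advising re-encryption would help. How a configuration that still names 'gcm' is rejected is decided outside this hunk and is worth confirming; the enclosing array and method also start and end outside it.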
@@ -651,7 +650,7 @@ class CI_Encryption {
}
}
- if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE))
+ if (isset($params['hmac']) && $params['hmac'] === FALSE)
{
$params['hmac_digest'] = $params['hmac_key'] = NULL;
}
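Review bot: The `$params['hmac'] === FALSE` branch is now the only visible path that clears `hmac_digest` and `hmac_key`, yet no comment says the result is ciphertext with no integrity check in any remaining mode. I would add above the `if`: `// Caller explicitly opted out of authentication; the output is unauthenticated in every supported mode.` The strict `=== FALSE` comparison is worth keeping, since values such as `0` or `NULL` do not take this branch. The enclosing method starts and ends outside the hunk, so how `hmac_digest` is validated afterwards cannot be checked from here.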
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 1353c4ed0..5d92b109a 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst
@@ -173,9 +173,9 @@ but regardless, here's a list of most of them:
============== ========= ============================== =========================================
Cipher name Driver Key lengths (bits / bytes) Supported modes
============== ========= ============================== =========================================
-AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS
-AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS
-AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS
+AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
+AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
+AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
Rijndael-128 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
Rijndael-192 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
Rijndael-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
@@ -239,7 +239,6 @@ CFB8 cfb8 MCrypt, OpenSSL Same as CFB, but operates in 8-
OFB ofb MCrypt, OpenSSL N/A
OFB8 ofb8 MCrypt Same as OFB, but operates in 8-bit mode (not recommended).
ECB ecb MCrypt, OpenSSL Ignores IV (not recommended).
-GCM gcm OpenSSL Provides authentication and therefore doesn't need a HMAC.
XTS xts OpenSSL Usually used for encrypting random access data such as RAM or hard-disk storage.
Stream stream MCrypt, OpenSSL This is not actually a mode, it just says that a stream cipher is being used. Required because of the general cipher+mode initialization process.
=========== ================== ================= ===================================================================================================================================================
@@ -251,10 +250,9 @@ It's probably important for you to know that an encrypted string is usually
longer than the original, plain-text string (depending on the cipher).
This is influenced by the cipher algorithm itself, the IV prepended to the
-cipher-text and (unless you are using GCM mode) the HMAC authentication
-message that is also prepended. Furthermore, the encrypted message is also
-Base64-encoded so that it is safe for storage and transmission, regardless
-of a possible character set in use.
+cipher-text and the HMAC authentication message that is also prepended.
+Furthermore, the encrypted message is also Base64-encoded so that it is safe
+for storage and transmission, regardless of a possible character set in use.
Keep this information in mind when selecting your data storage mechanism.
Cookies, for example, can only hold 4K of information.
@@ -446,9 +444,6 @@ raw_data FALSE No Whether the cipher-t
value is incorrect. This includes *hmac_key*, unless *hmac*
is set to FALSE.
-.. note:: If GCM mode is used, *hmac* will always be FALSE. This is
- because GCM mode itself provides authentication.
-
.. _digests:
Supported HMAC authentication algorithms