This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
rfc:openssl_aead [2016/01/02 16:50]
bukka Create initial version
rfc:openssl_aead [2017/09/22 13:28] (current)
Line 1: Line 1:
-====== PHP RFC: Your Title Here ====== +====== PHP RFC: OpenSSL AEAD support ====== 
-  * Version: 0.1+  * Version: 0.2
   * Date: 2016-01-02    * Date: 2016-01-02 
   * Author: Jakub Zelenka, bukka@php.net   * Author: Jakub Zelenka, bukka@php.net
-  * Status: Draft+  * Status: Implemented (PHP 7.1)
 ===== Introduction ===== ===== Introduction =====
-The PHP OpenSSL extension has functions for data encryption (openssl_encrypt) and decryption (openssl_decrypt). These function works fine for all cipher algorithms (cipher + mode) except ciphers with AEAD (Authenticated Encrypt with Associated Data). These modes requires special handling in OpenSSL and a need for supplying or retrieving the authenticated tag and optionally AAD (associated application data)+The PHP OpenSSL extension provides functions for data encryption (openssl_encrypt) and decryption (openssl_decrypt). These function works fine for all cipher algorithms (cipher + mode) except AEAD (Authenticated Encrypt with Associated Data) modes. These modes requires special handling in OpenSSL and a need for supplying resp. retrieving of the authenticated tag and optionally AAD (associated application data)
 +There are two AEAD modes supported by OpenSSL (up to version 1.0.2) - GCM (Galois Counter Mode) and CCM (Counter with CBC-MAC). Both of these modes currently fails on decryption as there is no way how to supply an authentication tag and internal OpenSSL API doesn't allow it to use it in the same way (e.g. there is no context finalization for CCM mode).
 ===== Proposal ===== ===== Proposal =====
-This RFC proposes adding extra parameters to openssl_encrypt and openssl_decrypt for accessing authenticated tag and data.+This RFC proposes adding extra parameters to the openssl_encrypt resp. openssl_decrypt for retrieving resp. supplying an authenticated tag and AAD. These parameters are optional and are used only for supported AEAD modes (GCM and CCM). If a tag is used for any modes that doesn't support AEAD, then the warning is triggered. 
 +The parameters differs for each function. 
 +=== Encryption === 
 +The new prototype for openssl_encrypt is following: 
 +<code php> 
 +string openssl_encrypt ( string $data , string $method , string $password  
 +    [, int $options = 0 [, string $iv = "" [, string &$tag = NULL [, string $aad = "" [, int $tag_length = 16 ]]]]) 
 +== New parameters description == 
 +  * $tag - The authentication tag will be saved to the variable passed as a reference on successful encryptionIf the encryption fails, then the variable is unchanged. The resulted tag length is the same as the length supplied in the $tag_length parameter which default to 16. 
 +  * $aad - Additional authentication data. 
 +  * $tag_length - The tag length can be set before the encryption and can be between 4 and 16 for GCM mode where it is the same like trimming the tag. On the other side the CCM has no such limits and also the resulted tag is different for each length. 
 +=== Decryption === 
 +The new prototype for openssl_decrypt is following: 
 +<code php> 
 +string openssl_decrypt ( string $data , string $method , string $password  
 +    [, int $options = 0 [, string $iv = "" [, string $tag = "" [, string $aad = "" ]]]] ) 
 +== New parameters description ==
 +  * $tag - The authentication tag that will be authenticated. If it's incorrect, then the authentication fails and the function returns FALSE.
 +  * $aad - Additional authentication data.
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
Line 35: Line 68:
 ===== Open Issues ===== ===== Open Issues =====
-Default tag length and parameters order.+Tag length and parameters order.
 ===== Unaffected PHP Functionality ===== ===== Unaffected PHP Functionality =====
Line 45: Line 78:
 Adding support for OCB mode once the extension supports OpenSSL 1.1 Adding support for OCB mode once the extension supports OpenSSL 1.1
-===== Proposed Voting Choices ===== +===== Voting ===== 
-50%+1 majority+Required 50%+1 majority for accepting this proposal. 
 +<doodle title="Include AEAD support to OpenSSL extension" auth="bukka" voteType="single" closed="true"> 
 +   * Yes 
 +   * No 
 +Voting started on January 20th at 17:00 UTC and ended on January 27th at 17:00 UTC.
 ===== Patches and Tests ===== ===== Patches and Tests =====
 ===== Implementation ===== ===== Implementation =====
-After the project is implemented, this section should contain  + 
-  - the version(sit was merged to +OpenSSL AEAD support has been implemented in PHP 7.1 with [[http://git.php.net/?p=php-src.git;a=commit;h=054b27d3|commit 054b27d3]], and is documented in the [[http://php.net/manual/function.openssl-encrypt.php|openssl_encrypt()]] and [[http://php.net/manual/function.openssl-decrypt.php|openssl_decrypt()]] man pages. 
-  a link to the git commit(s+ 
-  - a link to the PHP manual entry for the feature+The PHP language specification is not affected by this RFC.
 ===== References ===== ===== References =====
-Links to external references, discussions or RFCs+  * https://bugs.php.net/bug.php?id=67304
 ===== Rejected Features ===== ===== Rejected Features =====
-Keep this updated with features that were discussed on the mail lists.+ 
 +There has been discussion about introducing an object that would wrap the context and offered functions for setting tag, AAD, key, IV and making partials updates. However such functionality is already implemented in crypto extension and requires much more code (about extra 1000 lines) to address all possible exceptions. The main thing is that this is not contradicting to this proposal as it could easily co-exist as we will still have to keep openssl_ecrypt and openssl_decrypt working. This proposal is just about extending these two function for AEAD mode support. 
 +It's been suggested that new functions openssl_ecrypt_aead and openss_decrytp_aead should be introduced instead of adding new parameters to prevent confusion for users that tries to use a tag with non AEAD modes. That has been rejected in favour of adding warning when tag supplied for non AEAD modes.
rfc/openssl_aead.1451753410.txt.gz · Last modified: 2017/09/22 13:28 (external edit)