This is an old revision of the document!
PHP RFC: Your Title Here
- Version: 0.1
- Date: 2016-01-02
- Author: Jakub Zelenka, bukka@php.net
- Status: Draft
Introduction
The PHP OpenSSL extension provides functions for data encryption (openssl_encrypt) and decryption (openssl_decrypt). These function works fine for all cipher algorithms (cipher + mode) except ciphers with AEAD (Authenticated Encrypt with Associated Data) mode. These modes requires special handling in OpenSSL and a need for supplying resp. retrieving of the authenticated tag and optionally AAD (associated application data).
There are two AEAD modes supported by OpenSSL (up to version 1.0.2) - GCM (Galois Counter Mode) and CCM (Counter with CBC-MAC). Both of these modes currently fails on decryption as there is no way how to supply an authentication tag.
Proposal
This RFC proposes adding extra parameters to openssl_encrypt and openssl_decrypt for accessing authenticated tag and AAD. These parameters are optional and makes sense only for AEAD modes. The parameters differs for each function.
Backward Incompatible Changes
none
Proposed PHP Version(s)
PHP 7.1
RFC Impact
To SAPIs
none
To Existing Extensions
none
To Opcache
none
New Constants
none
Open Issues
Default tag length and parameters order.
Unaffected PHP Functionality
The current encryption and decryption is unaffected. The new parameters are optional.
Future Scope
Adding support for OCB mode once the extension supports OpenSSL 1.1
Proposed Voting Choices
50%+1 majority
Patches and Tests
Implementation
After the project is implemented, this section should contain
- the version(s) it was merged to
- a link to the git commit(s)
- a link to the PHP manual entry for the feature
References
Links to external references, discussions or RFCs
Rejected Features
Keep this updated with features that were discussed on the mail lists.