Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:126392
Date: Thu, 13 Feb 2025 09:51:43 -0500
Message-ID: <CAKws9z2-e8YnGbdpp0BJvEBEiEsqHQMzyAo+Vee4naXy5mK40w@mail.gmail.com>
Subject: [PHP-DEV] Update OpenSSL Extension to Support KEMs
To: PHP Internals <internals@lists.php.net>
From: security@paragonie.com (Paragon Initiative Enterprises Security Team)

OpenSSL 3 introduced a KEM API, which is an abstraction for the kinds of
cryptographic operations used by the NIST post-quantum cryptography
standards (i.e., FIPS-203).

KEM stands for "Key Encapsulation Mechanism". It's the preferred way to do
asymmetric cryptography. Even RSA-KEM is safer than how most people
experience RSA encryption.

The relevant functions are EVP_PKEY_encapsulate() and
EVP_PKEY_decapsulate().

https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L225

https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L262

Currently, these APIs only seem to support classical cryptography (ECC,
RSA), but that is one of the APIs that will enable post-quantum
cryptography for software using OpenSSL in the future.

We intend to send a pull request later this year to include PHP functions
in the OpenSSL extension that look like this:

function openssl_kem_encaps(OpenSSLAsymmetricKey $pk): array;
  // 0 -> shared secret (typically 32 bytes)
  // 1 -> KEM ciphertext for decaps
function openssl_kem_decaps(OpenSSLAsymmetricKey $sk, string $kemCiphertext): string;
  // Returns a shared secret or throws an exception upon decryption failure.

I don't know if this change needs an RFC or not, but I wanted to start the
discussion just in case.

Security Team
Paragon Initiative Enterprises <https://paragonie.com/security>
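
Added example (not part of the e-mail above, and not code from PHP or from
OpenSSL): a pure-Python, stdlib-only RSA-KEM in the shape of RFC 5990's
RSASVE-plus-KDF construction, with the same encaps/decaps interface the
proposal sketches. The names rsa_keygen, kem_encaps and kem_decaps, the
toy 512-bit modulus, the single-block KDF2-style derivation and the homegrown
Miller-Rabin prime generator are all assumptions made here for illustration;
the point is the interface and the failure behaviour, not the parameters.

```python
"""RSA-KEM (RSASVE + KDF, after RFC 5990) in pure Python, stdlib only.

Added illustration for the proposed openssl_kem_encaps()/openssl_kem_decaps()
interface. Toy-sized keys and a homegrown prime generator: not for production.
"""
import hashlib
import secrets
from typing import Tuple

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Trial division by small primes, then Miller-Rabin (error <= 4**-rounds)."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    """Random odd prime with the top bit set, so p*q is close to 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((n, e), (n, d)). 512 bits is a toy size chosen for speed (assumption)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _nlen(n: int) -> int:
    """Byte length of the modulus; both Z and the ciphertext are encoded at this length."""
    return (n.bit_length() + 7) // 8


def _kdf(z: bytes) -> bytes:
    """One 32-byte block of a KDF2-style derivation: SHA-256(Z || 4-byte counter = 1)."""
    return hashlib.sha256(z + (1).to_bytes(4, "big")).digest()


def kem_encaps(pk: Tuple[int, int]) -> Tuple[bytes, bytes]:
    """Encapsulate: pick random z in [1, n-1], return (shared_secret, ciphertext).

    The shared secret is KDF(z), never z itself, and nothing chosen by the
    caller is ever RSA-encrypted: no padding, hence no padding oracle.
    """
    n, e = pk
    z = secrets.randbelow(n - 1) + 1
    ct = pow(z, e, n).to_bytes(_nlen(n), "big")
    return _kdf(z.to_bytes(_nlen(n), "big")), ct


def kem_decaps(sk: Tuple[int, int], ct: bytes) -> bytes:
    """Decapsulate: recover z = ct^d mod n and return KDF(z).

    Only malformed input raises. A well-formed but tampered ciphertext simply
    yields a different secret; the caller's AEAD or MAC is what detects that.
    """
    n, d = sk
    if len(ct) != _nlen(n):
        raise ValueError("KEM ciphertext has the wrong length")
    c = int.from_bytes(ct, "big")
    if not 1 <= c < n:
        raise ValueError("KEM ciphertext out of range")
    z = pow(c, d, n)
    return _kdf(z.to_bytes(_nlen(n), "big"))


if __name__ == "__main__":
    pk, sk = rsa_keygen()
    ss_sender, ct = kem_encaps(pk)
    ss_receiver = kem_decaps(sk, ct)
    print(len(ss_sender), ss_sender == ss_receiver)   # 32 True
```

The two functions map one-to-one onto the proposed PHP signatures: encaps
takes only the public key and returns the 32-byte secret together with the
ciphertext the peer needs, decaps takes the private key and the ciphertext and
throws only on malformed input. Flipping a bit of the ciphertext does not
produce an error from decaps, it produces a different secret, which is the
property that keeps a KEM free of the padding-oracle problems of raw RSA
encryption.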
