Newsgroups: php.internals
From: ericmann@php.net
To: internals@lists.php.net
Date: Thu, 13 Feb 2025 07:14:37 -0800
Subject: Re: [PHP-DEV] Update OpenSSL Extension to Support KEMs
Message-ID: <0f534d3b-73f3-4d04-b955-4a2093473376@php.net>

On 2/13/25 06:51, Paragon Initiative Enterprises Security Team wrote:
> OpenSSL 3 introduced a KEM API, which is an abstraction for the kinds
> of cryptographic operations used by the NIST post-quantum cryptography
> standards (i.e., FIPS-203).
>
> KEM stands for "Key Encapsulation Mechanism". It's the preferred way
> to do asymmetric cryptography. Even RSA-KEM is safer than how most
> people experience RSA encryption.
>
> The relevant functions are EVP_PKEY_encapsulate() and
> EVP_PKEY_decapsulate().
>
> https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L225
>
> https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L262
>
> Currently, these APIs only seem to support classical cryptography
> (ECC, RSA), but that is one of the APIs that will enable post-quantum
> cryptography for software using OpenSSL in the future.
>
> We intend to send a pull request later this year to include PHP
> functions in the OpenSSL extension that look like this:
>
> function openssl_kem_encaps(OpenSSLAsymmetricKey $pk): array;
>   // 0 -> shared secret (typically 32 bytes)
>   // 1 -> KEM ciphertext for decaps
> function openssl_kem_decaps(OpenSSLAsymmetricKey $sk, string $kemCiphertext): string;
>   // Returns a shared secret or throws an exception upon decryption failure.
>
> I don't know if this change needs an RFC or not, but I wanted to start
> the discussion just in case.
>
> Security Team
> Paragon Initiative Enterprises

--
I, for one, would love to see this land and also view it as a natural evolution of support for OpenSSL within PHP. Which is to say, I don't think an RFP would be necessary here and we should just work to add this support moving forward.
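
The array/string contract of the two functions proposed in the quoted message, illustrated as an added example (not part of the thread, not the proposed extension code, and not OpenSSL's KEM implementation): a userland ECDH-based KEM built only from existing PHP functions. `kem_encaps_sketch`, `kem_decaps_sketch` and the `kem-sketch-v1` label are hypothetical names, and the P-256 key pair is constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added sketch: hypothetical helper names, not the proposed openssl_kem_* functions.
const KEM_SKETCH_LABEL = 'kem-sketch-v1'; // constructed domain-separation label

/** Returns [0 => 32-byte shared secret, 1 => KEM ciphertext], as in the proposal. */
function kem_encaps_sketch(OpenSSLAsymmetricKey $pk): array
{
    $recipient = openssl_pkey_get_details($pk);
    // Fresh ephemeral key pair on the recipient's curve for every encapsulation.
    $eph = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_EC,
        'curve_name'       => $recipient['ec']['curve_name'],
    ]);
    if ($eph === false) {
        throw new RuntimeException('ephemeral key generation failed');
    }
    $dh = openssl_pkey_derive($pk, $eph); // ECDH(ephemeral private, recipient public)
    if ($dh === false) {
        throw new RuntimeException('encapsulation failed');
    }
    // The ephemeral public key (PEM) plays the role of the KEM ciphertext.
    $ct = openssl_pkey_get_details($eph)['key'];
    // Bind the ciphertext and the recipient key into the derived secret.
    return [hash_hkdf('sha256', $dh, 32, KEM_SKETCH_LABEL, $ct . $recipient['key']), $ct];
}

/** Returns the shared secret, or throws when the ciphertext cannot be processed. */
function kem_decaps_sketch(OpenSSLAsymmetricKey $sk, string $kemCiphertext): string
{
    $ephPub = openssl_pkey_get_public($kemCiphertext);
    $dh = $ephPub === false ? false : openssl_pkey_derive($ephPub, $sk);
    if ($dh === false) {
        throw new RuntimeException('decapsulation failed');
    }
    $pkPem = openssl_pkey_get_details($sk)['key']; // recipient public key (PEM)
    return hash_hkdf('sha256', $dh, 32, KEM_SKETCH_LABEL, $kemCiphertext . $pkPem);
}

// Round trip with a constructed P-256 key pair: both sides derive the same secret.
$sk = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$pk = openssl_pkey_get_public(openssl_pkey_get_details($sk)['key']);
[$ssSender, $ct] = kem_encaps_sketch($pk);
$ssRecipient = kem_decaps_sketch($sk, $ct);
var_dump(hash_equals($ssSender, $ssRecipient));
```

The caller never chooses the secret: encapsulation produces it together with the ciphertext, which is the property that separates a KEM from direct public-key encryption of application data.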