Newsgroups: php.internals
Date: Thu, 13 Feb 2025 16:34:35 -0600
To: "php internals"
Message-ID: <57890163-60fa-47aa-9150-e8015ba9b28d@app.fastmail.com>
Subject: Re: [PHP-DEV] Update OpenSSL Extension to Support KEMs
From: larry@garfieldtech.com ("Larry Garfield")

On Thu, Feb 13, 2025, at 8:51 AM, Paragon Initiative Enterprises Security Team wrote:
> OpenSSL 3 introduced a KEM API, which is an abstraction for the kinds
> of cryptographic operations used by the NIST post-quantum cryptography
> standards (i.e., FIPS-203).
>
> KEM stands for "Key Encapsulation Mechanism". It's the preferred way to
> do asymmetric cryptography. Even RSA-KEM is safer than how most people
> experience RSA encryption.
>
> The relevant functions are EVP_PKEY_encapsulate() and EVP_PKEY_decapsulate().
>
> https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L225
>
> https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L262
>
> Currently, these APIs only seem to support classical cryptography (ECC,
> RSA), but that is one of the APIs that will enable post-quantum
> cryptography for software using OpenSSL in the future.
>
> We intend to send a pull request later this year to include PHP
> functions in the OpenSSL extension that look like this:
>
> function openssl_kem_encaps(OpenSSLAsymmetricKey $pk): array;
> // 0 -> shared secret (typically 32 bytes)
> // 1 -> KEM ciphertext for decaps
> function openssl_kem_decaps(OpenSSLAsymmetricKey $sk, string $kemCiphertext): string;
> // Returns a shared secret or throws an exception upon decryption failure.
>
> I don't know if this change needs an RFC or not, but I wanted to start
> the discussion just in case.
>
> Security Team
> Paragon Initiative Enterprises

I am also fully on board with including quantum-safe crypto mechanisms, but I believe it should go through an RFC. If for no other reason than just in this thread we're already discussing ways to make the API more ergonomic, which means there's no obviously-correct consensus on the API, and an RFC is the standard process currently for working through that.

I also echo what others have said about array returns. No. Make it a readonly object with well-named public properties. ('sk', 'pk', etc. are not well-named.)

--Larry Garfield
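As an added illustration of the encaps/decaps interface the thread is debating (this is not code from the thread, from OpenSSL, or from the proposed PHP extension), here is a toy RSA-KEM in pure Python: encapsulation picks a random r below the modulus, sends c = r^e mod n, and derives the shared secret as KDF(r); decapsulation recovers r with the private exponent and re-derives the same secret. The result is returned as an immutable object with named fields rather than a positional array, which is the shape Larry argues for. Everything here is an assumption for demonstration purposes: the pure-Python RSA key generation, the 1024-bit default (512 bits in the usage below, which is far too small for real use), SHA-256 standing in for a proper KDF, and the names keygen, encaps, decaps, Encapsulation and DecapsulationError.

```python
"""Toy RSA-KEM showing the encaps/decaps shape. Demo code only: not OpenSSL,
not the PHP extension; key sizes and the SHA-256 "KDF" are demo choices."""
import hashlib
import math
import secrets
from dataclasses import dataclass


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; fine for a demo, not a vetted prime generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class SecretKey:
    n: int
    d: int


@dataclass(frozen=True)
class Encapsulation:
    """Named, immutable fields instead of a positional [0 => ..., 1 => ...] array."""
    shared_secret: bytes
    ciphertext: bytes


class DecapsulationError(ValueError):
    """Raised for a malformed ciphertext (wrong length, or not below the modulus)."""


def keygen(bits: int = 1024) -> tuple:
    """Demo RSA key pair (1024-bit default is for speed, not for deployment)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            n = p * q
            return PublicKey(n, e), SecretKey(n, pow(e, -1, phi))


def _byte_len(n: int) -> int:
    return (n.bit_length() + 7) // 8


def _kdf(r: int, n: int) -> bytes:
    # Fixed-width encoding of r so the KDF input is unambiguous; SHA-256 stands
    # in for a real KDF such as HKDF in this demo.
    return hashlib.sha256(b"rsa-kem-demo" + r.to_bytes(_byte_len(n), "big")).digest()


def encaps(pk: PublicKey) -> Encapsulation:
    """Uniformly random r in [2, n-2]; ciphertext is r^e mod n, secret is KDF(r)."""
    r = secrets.randbelow(pk.n - 3) + 2
    c = pow(r, pk.e, pk.n)
    return Encapsulation(shared_secret=_kdf(r, pk.n),
                         ciphertext=c.to_bytes(_byte_len(pk.n), "big"))


def decaps(sk: SecretKey, ciphertext: bytes) -> bytes:
    """Recover r = c^d mod n and re-derive the secret; reject malformed input."""
    if len(ciphertext) != _byte_len(sk.n):
        raise DecapsulationError("ciphertext length does not match the key")
    c = int.from_bytes(ciphertext, "big")
    if c >= sk.n:
        raise DecapsulationError("ciphertext is not below the modulus")
    return _kdf(pow(c, sk.d, sk.n), sk.n)


if __name__ == "__main__":
    pk, sk = keygen(512)          # demo size only
    enc = encaps(pk)
    assert decaps(sk, enc.ciphertext) == enc.shared_secret
    print("shared secret:", enc.shared_secret.hex())
```

Two properties of this pattern are worth noting. The sender never chooses the secret; it is derived from randomness that only the ciphertext carries, so there is no padding oracle of the kind textbook or PKCS#1 v1.5 RSA encryption exposes. And "decryption failure" for RSA-KEM means only a malformed ciphertext (wrong length, or a value at or above n); a ciphertext decapsulated under the wrong private key does not fail, it just yields an unrelated secret, and the mismatch surfaces when that secret is used as an AEAD key. A PHP API returning a typed object with shared_secret and ciphertext properties, and throwing on the malformed cases, matches this behaviour.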