Newsgroups: php.internals
Date: Mon, 2 Feb 2015 10:57:24 +0000
To: Jakub Zelenka
Cc: Jason Gerfen, PHP internals
Subject: Re: [PHP-DEV] OpenSSL ext. improvements for authenticated cipher modes.
From: leight@gmail.com (Leigh)

On 1 February 2015 at 17:57, Jakub Zelenka wrote:
> Hey,
>
> I have already implemented all of this in crypto ext (
> https://github.com/bukka/php-crypto ) and also added support for streams
> (e.g.
> https://github.com/bukka/php-crypto/blob/master/tests/stream_filters_cipher_gcm_dec_read.phpt
> ) and objective context. However crypto is, and probably for quite some time
> will be, in dev stability. I have put that work on hold for some time (due to
> PHP 7 API changes) but plan to resume it soon.

I hadn't seen this before. Has it been discussed somewhere and I missed it?
Watching the repo for now, hopefully I can find some time to look over it and
contribute.

> Anyway this is a bit different as it is a bit more complex and a bit too much
> for openssl ext. The thing is that the symmetric crypto functions are just
> openssl_encrypt and openssl_decrypt and they don't have any context. I'm not
> sure how the proposed openssl_*et_tag would work without context. The

They would work by dirty hacks :) Like Daniel said, introducing state is not a
preferred option.

> string openssl_encrypt ( string $data , string $method , string $password [,
> mixed $options = NULL [, string $iv = "" [, string &$tag = NULL ] ] ] )
>
> The options would be overloaded for BC (if it's int, then the same as before
> or you can use array for further options as AAD...).
>
> What are your thoughts?

This is what I originally imagined doing. But the options array isn't necessary
if we say that we don't want the user to control the tag length (not sure how of

> Btw. I think I could do or help with the implementation if there is an
> interest in that feature in PHP 7. It would be sort of a port from crypto
> where I also have a bunch of tests for that (supported are just ccm and gcm).

I'm happy doing the implementation, but review and critique are always welcome.