Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90228 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 97110 invoked from network); 6 Jan 2016 19:59:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Jan 2016 19:59:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.49 as permitted sender) X-PHP-List-Original-Sender: jakub.php@gmail.com X-Host-Fingerprint: 209.85.213.49 mail-vk0-f49.google.com Received: from [209.85.213.49] ([209.85.213.49:35273] helo=mail-vk0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 8B/DD-21755-A327D865 for ; Wed, 06 Jan 2016 14:59:54 -0500 Received: by mail-vk0-f49.google.com with SMTP id k1so162222994vkb.2 for ; Wed, 06 Jan 2016 11:59:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=45+Rz6ymwhqr0H8zXX236XYlyoszHPuDadXAvhTQ3/A=; b=MDQ+f58s9IGfLiSAO/nXMaaJfUNbPntkLMp/xuTnZW4Y9LAkdNQvjeIVnBQj+1F/jX jvm0WMnijFjtlp+Vn86p7gFgv5S9CnZHCva7HJ2/6vmpWVeG7nBEKlmq/SWGJes6FGgC o+3zLx1yUE5P1Q0JWI68a2laWYHq0+ZnWWgByiIiRtzcP97ZjJ4Mxqi+pAdc198Ru60L 9YFja0LCbQPyAhEqf2mznvfPULVBfEdwX9xubLuNvc8vINxgEHfsIP7f9eGBz63HCOHn tJLkUxaEjTe7ZRphcIfehZ8xwwVw4KXQ5B1qN4/LzgmBdSMyKKoybU5mdvPM+15EtblZ RFqw== MIME-Version: 1.0 X-Received: by 10.31.167.195 with SMTP id q186mr5585981vke.113.1452110390761; Wed, 06 Jan 2016 11:59:50 -0800 (PST) Sender: jakub.php@gmail.com Received: by 10.31.106.70 with HTTP; Wed, 6 Jan 2016 11:59:50 -0800 (PST) In-Reply-To: References: Date: Wed, 6 Jan 2016 19:59:50 +0000 X-Google-Sender-Auth: pZQXp4vmVxwEJ9SkK6PzNV78kps Message-ID: To: Bishop Bettini Cc: PHP internals list Content-Type: multipart/alternative; boundary=001a11425fba041e350528afccf1 Subject: Re: [PHP-DEV] [RFC] OpenSSL AEAD support From: bukka@php.net (Jakub Zelenka) --001a11425fba041e350528afccf1 Content-Type: text/plain; charset=UTF-8 On Wed, Jan 6, 2016 at 7:28 PM, Bishop Bettini wrote: > On Wed, Jan 6, 2016 at 11:09 AM, Jakub Zelenka wrote: > >> Hi, >> >> On Wed, Jan 6, 2016 at 3:35 PM, Bishop Bettini wrote: >> >>> >>> I think the API might need to be more generic so that any future cipher >>> modes with different parameters could also be passed in. >>> >>> Please see note in >> https://wiki.php.net/rfc/openssl_aead#rejected_features . Any context >> related features will add a lot to the size of the implementation. In this >> case it would also mean introducing an object with dimension handler to the >> openssl ext which doesn't really match with the rest of the extension API. >> The proposed API is more conformant to the rest and the code addition is >> also limited which is very important from the maintenance point of view. >> > > Ok, a context resource may not be pragmatic. Perhaps a compromise in the > form of a thin wrapper: > > string openssl_encrypt_aead(string $data , string $method , string > $password [, int $options = 0 [, string $iv = "" [, string &$tag = "" [, > string $aad = "" [, int $tag_length = 16 ]]]]) > > string openssl_decrypt_aead(string $data , string $method , string > $password [, int $options = 0 [, string $iv = "" [, string $tag = "" [, > string $aad = "" ]]]] ) > > This actually feels more right anyway: openssl_encrypt only does > encryption, whereas openssl_encrypt_aead does encryption *and* > integrity. I would hate for users to pass a method of aes128 and think > they can forgo an HMAC because they thought PHP would give them back a > valid tag. > This is a good point. I would probably go with a bit different and maybe simpler solution. How about emitting notice when $tag param is supplied for non aead mode? Thanks for the feedback! Jakub --001a11425fba041e350528afccf1--