Newsgroups: php.internals
Date: Tue, 14 Jun 2016 21:51:09 -0400
From: scott@paragonie.com (Scott Arciszewski)
To: Dominic Luechinger
Cc: PHP Internals
Subject: Re: [PHP-DEV] [OpenSSL] Support for ECC public key generation
In-Reply-To: <57609B96.6080905@snowgarden.ch>
References: <57609B96.6080905@snowgarden.ch>

On Tue, Jun 14, 2016 at 8:04 PM, Dominic Luechinger wrote:

> This is a short introduction of a feature I've been working on.
>
> Summary
> -------
> The current OpenSSL extension only supports generating RSA key pairs.
> The PR [1] adds support for ECC (Elliptic curve cryptography) key
> generation. The corresponding bug is 61204 [2].
> -------
>
> Motivation
> ----------
> Why does PHP need support for creating ECC key pairs?
> ECC has the benefit of giving the same security guarantees as RSA but with
> smaller key sizes.
> The current workaround without this improvement is to generate a key
> pair with the help of the OpenSSL CLI tool (PHP exec) or use a userland
> library like phpecc [3]. To protect against cryptography attack vectors
> like timing attack or other side-channel attacks in PHP is quite
> difficult.
> A native support would solve this issue or at least give the
> responsibility to the underlying crypto library.
> ----------
>
> In details
> ----------
> The PR introduces new '$configargs' setting to openssl_pkey_new [4].
> E.g.:
>
> openssl_pkey_new(
>     array(
>         'curve_name' => 'secp384r1',
>         'private_key_type' => OPENSSL_KEYTYPE_EC,
>     )
> );
>
>
> With the new ECC support it's also possible to load ECC key parameters
> into the openssl_pkey_new to create a key resource.
>
> openssl_pkey_new(
>     array(
>         'ec' => array(
>             'curve_name' => 'prime256v1',
>             'd' => gmp_export('3138550867681922400546388175470823984762234518836963313664'),
>         ),
>     )
> );
>
> A use case of this possibility is e.g. the transformation of a JWK [5]
> to an ECC key resource.
>
> Despite the extension of openssl_pkey_new a new PHP function is introduced:
> openssl_get_curve_names() lists names of the supported curves of the
> underlying OpenSSL core. This function could be used to check if a
> certain curve is supported and could be referenced when generating a new
> key pair.
>
> I'd like to outline that the ECC support is not a new feature. PHP is
> capable of reading and working with ECC key pairs. I've contributed some
> patches to improve the support.
>
> To work with ECC key pairs but not being able to generate a new key pair
> is the main motivation of this PR.
> ----------
>
> Reference to other languages
> ----------------------------
> The following languages have support for ECC key pair generation:
> Ruby [6]
> Python via cryptography [7]
> Golang [8]
> Java via Bouncy Castle [9]
> ----------------------------
>
> Regards
>
> Dominic Luechinger
>
>
> [1] https://github.com/php/php-src/pull/1686
> [2] https://bugs.php.net/bug.php?id=61204
> [3] https://github.com/phpecc/phpecc
> [4] http://php.net/manual/en/function.openssl-pkey-new.php
> [5] https://tools.ietf.org/html/rfc7517#page-25
> [6] http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/PKey/EC.html
> [7] https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/
> [8] https://golang.org/pkg/crypto/elliptic/#GenerateKey
> [9] http://www.bouncycastle.org/wiki/display/JA1/Elliptic+Curve+Key+Pair+Generation+and+Key+Factories

While we're at it, can we also add a function to generate (ephemeral)
Elliptic Curve Diffie-Hellman keys, and then use openssl_dh_compute_key()
with ECDH keys?

Because that would be a lot saner than having to shell_exec() to the
OpenSSL binary in userland.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises
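
The JWK use case from the quoted proposal, as an added example that is not part of the original thread or of the PR: it checks the curve against openssl_get_curve_names(), generates a P-256 key, exports the public half as a JWK and loads it back through the 'ec' setting. It assumes a PHP build that includes the proposed settings, including loading a public key from 'x' and 'y' alone; all helper function names are hypothetical.

```php
<?php
// Added example; helper names are hypothetical, settings follow the quoted proposal.
function b64u(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64u_dec(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'));
}

function generate_ec_key(string $curve) {
    // Fail early if the linked OpenSSL build does not know the curve.
    if (!in_array($curve, openssl_get_curve_names(), true)) {
        throw new RuntimeException("Unsupported curve: $curve");
    }
    $key = openssl_pkey_new(['curve_name' => $curve, 'private_key_type' => OPENSSL_KEYTYPE_EC]);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    return $key;
}

function ec_key_to_public_jwk($key): array {
    $ec = openssl_pkey_get_details($key)['ec'];
    // OpenSSL drops leading zero bytes; a P-256 JWK needs fixed 32-byte coordinates.
    $pad = function (string $v): string { return str_pad($v, 32, "\0", STR_PAD_LEFT); };
    return ['kty' => 'EC', 'crv' => 'P-256', 'x' => b64u($pad($ec['x'])), 'y' => b64u($pad($ec['y']))];
}

function public_jwk_to_ec_key(array $jwk) {
    if (($jwk['kty'] ?? '') !== 'EC' || ($jwk['crv'] ?? '') !== 'P-256') {
        throw new InvalidArgumentException('Only EC / P-256 JWKs are handled here');
    }
    $key = openssl_pkey_new(['ec' => [
        'curve_name' => 'prime256v1',
        'x' => b64u_dec($jwk['x']),
        'y' => b64u_dec($jwk['y']),
    ]]);
    if ($key === false) {
        throw new RuntimeException('JWK import failed: ' . openssl_error_string());
    }
    return $key;
}

$private = generate_ec_key('prime256v1');
$public = public_jwk_to_ec_key(ec_key_to_public_jwk($private));
$message = 'constructed sample message';
openssl_sign($message, $signature, $private, OPENSSL_ALGO_SHA256);
var_dump(openssl_verify($message, $signature, $public, OPENSSL_ALGO_SHA256) === 1);
```

Only the public coordinates leave the process here; the private scalar 'd' stays inside the key resource.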