On 31 January 2015 at 16:13, Jason Gerfen <jason.ger...@gmail.com> wrote:
> On Sat, Jan 31, 2015 at 8:53 AM, Leigh <lei...@gmail.com> wrote:
>> At the very basic end of the spectrum, we could have openssl_get_tag
>> and openssl_set_tag, or add an extra parameter to the end of
>> openssl_encrypt and openssl_decrypt (pass by ref for encrypt, like
>> preg $matches) this would cover the majority of use cases.
>>
>
> I think exposing this to the user will only cause confusion and allow users
> to implement mistakes to the algorithm and mode usage.
>

set/get tag functions are also my least favourite options.

>
> According to the OpenSSL documentation regarding encryption/decryption using
> CCM, GCM & OCB modes for authenticated usage would require the additions of
> the following constants:
>
> EVP_CTRL_OCB_SET_TAGLEN
> EVP_CTRL_SET_IVLEN
> EVP_CTRL_GET_TAG
> EVP_CTRL_CCM_SET_L
> EVP_CTRL_CCM_SET_IVLEN
> EVP_aes_256_gcm()
> EVP_aes_128_gcm()
>
> That coupled with the use of the
>
> EVP_CIPHER_CTX_ctrl()
>
> should provide the needed functionality as described in
> http://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption
> the documentation for using the EVP authenticated modes for
> encryption/decryption.
>

Thanks, I have done some cursory research into how it should be
implemented, but I wanted this discussion to be about how we should
present the functionality to the user.

Implementation details can come second once we have a consensus on
what is/isn't too much, and what method we should use to allow this
functionality to be used.
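
Added example, not part of the thread: the "extra parameter" option discussed above, in the form PHP 7.1 later shipped ($tag passed by reference to openssl_encrypt and by value to openssl_decrypt). The helper names gcm_seal and gcm_open and all sample values are constructed for illustration.

```php
<?php
// Illustration only: AES-256-GCM through the openssl extension (PHP >= 7.1).
// gcm_seal()/gcm_open() are hypothetical helper names; key, AAD and
// plaintext are constructed sample values.

function gcm_seal(string $key, string $plaintext, string $aad): array
{
    $iv  = random_bytes(12);   // 96-bit nonce, must never repeat under one key
    $tag = '';                 // filled in by reference, like preg_match()'s $matches
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key,
                           OPENSSL_RAW_DATA, $iv, $tag, $aad, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['iv' => $iv, 'ct' => $ct, 'tag' => $tag];
}

function gcm_open(string $key, array $msg, string $aad): string
{
    // openssl_decrypt() does not check the tag length itself, so a
    // truncated tag must be rejected by the caller.
    if (strlen($msg['tag']) !== 16) {
        throw new RuntimeException('unexpected tag length');
    }
    $pt = openssl_decrypt($msg['ct'], 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, $msg['iv'], $msg['tag'], $aad);
    if ($pt === false) {       // false means the tag did not verify
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$key = random_bytes(32);
$aad = 'header-v1';            // authenticated but not encrypted
$msg = gcm_seal($key, 'sample payload', $aad);
echo gcm_open($key, $msg, $aad), "\n";

// One flipped ciphertext bit, or different AAD, must fail closed.
$bad = $msg;
$bad['ct'] = chr(ord($msg['ct'][0]) ^ 1) . substr($msg['ct'], 1);
foreach ([[$bad, $aad], [$msg, 'header-v2']] as [$m, $a]) {
    try {
        gcm_open($key, $m, $a);
        echo "unexpected success\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```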