On 1 February 2015 at 17:57, Jakub Zelenka <bu...@php.net> wrote: > Hey, > > I have already implemented all of this in crypto ext ( > https://github.com/bukka/php-crypto ) and also added support for streams > (e.g. > https://github.com/bukka/php-crypto/blob/master/tests/stream_filters_cipher_gcm_dec_read.phpt > ) and objective context. However crypto is and probably quite some time will > be in the dev stability. I have put that work on hold for some time (due to > php 7 api changes) but plan to resume it soon.
I hadn't seen this before. Has it been discussed somewhere and I missed it? Watching the repo for now, hopefully I can find some time to look over it and contribute. > Anyway this is a bit different as it is a bit more complex and bit too much > for openssl ext. The thing is that the symmetric cypto functions are just > openssl_encrypt and openssl_decrypt and they don't have any context. I'm not > sure how the proposed openssl_*et_tag would work without context. The They would work by dirty hacks :) Like Daniel said, introducing state is not a preferred option. > string openssl_encrypt ( string $data , string $method , string $password [, > mixed $options = NULL [, string $iv = "" [, string &$tag = NULL ] ] ] ) > > The options would be overloaded for BC (if it's int, then the same as before > or you can use array for further options as AAD...). > > What's you thoughts? This is what I originally imagined doing. But the options array isn't necessary if we say that we don't want the user to control the tag length (not sure how of > Btw. I think I could do or help with the implementation if there is an > interest in that feature in PHP 7 . It would be sort of port from crypto > where I also have bunch of test for that (supported are just ccm and gcm). I'm happy doing the implementation but review and critique always welcome. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
