Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Warning when use \Phalcon\Crypt with aes-256-gcm #13869

Closed
michalzielanski opened this issue Feb 28, 2019 · 5 comments

Comments

Projects
3 participants
@michalzielanski
Copy link

commented Feb 28, 2019

Expected and Actual Behavior

It should work without warning.

Output:

Warning: openssl_encrypt(): A tag should be provided when using AEAD mode in /(...)/index.php on line 5

Script to reproduce the issue:

<?php
$crypt = new \Phalcon\Crypt('aes-256-gcm', true);
$crypt->setKey("12181\xda6935\xca37\xed\xeb\x14\xde\x46461\xea\xc8\x9832\x90108\xfc10575\xb275\xa3\x93\xd4\xa637\xb3\xbd");
$crypt->setHashAlgo('sha512');
echo $crypt->encrypt('Top secret');

Details

  • Phalcon version: (php --ri phalcon)
    Version => 3.4.2
    Powered by Zephir => Version 0.10.14-975ad02db4
  • PHP Version: (php -v)
    PHP 7.2.14 ( NTS )
    Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.14, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.6.1, Copyright (c) 2002-2018, by Derick Rethans
  • Operating System:
    Ubuntu 18.10
  • Installation type:
    Compiling from source
@Jeckerson

This comment has been minimized.

Copy link
Member

commented Feb 28, 2019

Did you tried to set key as second param in encrypt method?
Ex: $crypt->encrypt('Top secret', 'KEY');

@michalzielanski

This comment has been minimized.

Copy link
Author

commented Feb 28, 2019

No, but it does not matter. Look at the code:

let encrypted = openssl_encrypt(padded, cipher, encryptKey, OPENSSL_RAW_DATA, iv);

The sixth argument (tag) is never passed.
From PHP documentation:

tag
The authentication tag passed by reference when using AEAD cipher mode (GCM or CCM).

@Jeckerson

This comment has been minimized.

Copy link
Member

commented Feb 28, 2019

Yep, at first I didn't count arguments and thought that iv is in corrent position...

Seems that Phalcon doesn't support GCM or CCM modes.

@michalzielanski

This comment has been minimized.

Copy link
Author

commented Mar 4, 2019

Documentation suggests using aes-256-gcm.

The `aes-256-gcm' is the preferable cipher, but it is not usable until the
openssl library is upgraded, which is available in PHP 7.1.

@niden niden added the Bug - Low label Mar 11, 2019

@niden niden added this to To do in 4.0 Release via automation Mar 11, 2019

@niden niden referenced this issue May 15, 2019

Merged

T13869 crypt aes 256 gcm #14079

4 of 4 tasks complete

@niden niden moved this from To do to In progress in 4.0 Release May 15, 2019

niden added a commit that referenced this issue May 16, 2019

T13869 crypt aes 256 gcm (#14079)
* [#13869] - Added auth data and removed insecure algos

* [#13869] - Adjustments to the interface

* [#13869] - Adjustments to tests and new tests

* [#13869] - Updated the changelog
@niden

This comment has been minimized.

Copy link
Member

commented May 16, 2019

Resolved in #14079

@niden niden closed this May 16, 2019

4.0 Release automation moved this from In progress to Done May 16, 2019

@niden niden added the 4.0 label Jun 21, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.