OpenSSL AEAD support in PHP 7.1

bench.php

<?php
// Benchmark GCM vs. CCM with PHP 7.1
// Result: GCM is 3x faster than CCM

$key = random_bytes(32);
$data = random_bytes(1024 * 1024 * 10); // 10 Mb

$iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$start = microtime(true);
$ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$gcmTimeEnc = microtime(true) - $start;

$start = microtime(true);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$gcmTimeDec = microtime(true) - $start;

if ($decrypt !== $data) {
  throw new Exception("Decryption failed for GCM");
}

$iv = random_bytes(openssl_cipher_iv_length('aes-256-ccm'));
$start = microtime(true);
$ciphertext = openssl_encrypt($data, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$ccmTimeEnc = microtime(true) - $start;

$start = microtime(true);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$ccmTimeDec = microtime(true) - $start;

if ($decrypt !== $data) {
  throw new Exception("Decryption failed for CCM");
}

printf("GCM (enc): %.4f, GCM (dec): %.4f\n", $gcmTimeEnc, $gcmTimeDec);
printf("CCM (enc): %.4f, CCM (dec): %.4f\n", $ccmTimeEnc, $ccmTimeDec);

ccm.php

<?php

$iv = random_bytes(openssl_cipher_iv_length('aes-256-ccm'));
$key = random_bytes(32);
$data = random_bytes(1024);

// Encryption and authen
$ciphertext = openssl_encrypt($data, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);
// the message is $tag . $ciphertext

// Uncomment to alter 1 bit in ciphertext
// $i = rand(0, mb_strlen($ciphertext, '8bit') - 1);
// $ciphertext[$i] = $ciphertext[$i] ^ chr(1);

$decrypt = openssl_decrypt($ciphertext, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);

if (false === $decrypt) {
  throw new Exception("Authentication failed!");
}

printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');

// Additional authenticated data
$aad = 'foo@domain.com';

$ciphertext = openssl_encrypt($data, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
// the message is $aad . $tag . $ciphertext

// Uncomment to alter 1 bit in additional authenticated data
//$i = rand(0, mb_strlen($aad, '8bit') - 1);
//$aad[$i] = $aad[$i] ^ chr(1);

$decrypt = openssl_decrypt($ciphertext, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);

if (false === $decrypt) {
  throw new Exception("Authentication failed!");
}

printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');

gcm.php

<?php

$iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$key = random_bytes(32);
$data = random_bytes(1024);

// Encryption and authen
$ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
// the message is $tag . $ciphertext

// Change 1 bit in ciphertext
//$i = rand(0, mb_strlen($ciphertext, '8bit') - 1);
//$ciphertext[$i] = $ciphertext[$i] ^ chr(1);

$decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);

if (false === $decrypt) {
  throw new Exception("Authentication failed!");
}

printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');

// Additional authenticated data
$aad = 'foo@domain.com';

$ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
// the message is $aad . $tag . $ciphertext

// Change 1 bit in additional authenticated data
//$i = rand(0, mb_strlen($aad, '8bit') - 1);
//$aad[$i] = $aad[$i] ^ chr(1);

$decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);

if (false === $decrypt) {
  throw new Exception("Authentication failed!");
}

printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');