Create a gist now

Instantly share code, notes, and snippets.

@ezimuel /bench.php Secret
Last active May 12, 2017

What would you like to do?
OpenSSL AEAD support in PHP 7.1
<?php
// Benchmark GCM vs. CCM with PHP 7.1
// Result: GCM is 3x faster than CCM
$key = random_bytes(32);
$data = random_bytes(1024 * 1024 * 10); // 10 Mb
$iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$start = microtime(true);
$ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$gcmTimeEnc = microtime(true) - $start;
$start = microtime(true);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$gcmTimeDec = microtime(true) - $start;
if ($decrypt !== $data) {
throw new Exception("Decryption failed for GCM");
}
$iv = random_bytes(openssl_cipher_iv_length('aes-256-ccm'));
$start = microtime(true);
$ciphertext = openssl_encrypt($data, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$ccmTimeEnc = microtime(true) - $start;
$start = microtime(true);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$ccmTimeDec = microtime(true) - $start;
if ($decrypt !== $data) {
throw new Exception("Decryption failed for CCM");
}
printf("GCM (enc): %.4f, GCM (dec): %.4f\n", $gcmTimeEnc, $gcmTimeDec);
printf("CCM (enc): %.4f, CCM (dec): %.4f\n", $ccmTimeEnc, $ccmTimeDec);
<?php
$iv = random_bytes(openssl_cipher_iv_length('aes-256-ccm'));
$key = random_bytes(32);
$data = random_bytes(1024);
// Encryption and authen
$ciphertext = openssl_encrypt($data, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);
// the message is $tag . $ciphertext
// Uncomment to alter 1 bit in ciphertext
// $i = rand(0, mb_strlen($ciphertext, '8bit') - 1);
// $ciphertext[$i] = $ciphertext[$i] ^ chr(1);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag);
if (false === $decrypt) {
throw new Exception("Authentication failed!");
}
printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');
// Additional authenticated data
$aad = 'foo@domain.com';
$ciphertext = openssl_encrypt($data, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
// the message is $aad . $tag . $ciphertext
// Uncomment to alter 1 bit in additional authenticated data
//$i = rand(0, mb_strlen($aad, '8bit') - 1);
//$aad[$i] = $aad[$i] ^ chr(1);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-ccm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
if (false === $decrypt) {
throw new Exception("Authentication failed!");
}
printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');
<?php
$iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$key = random_bytes(32);
$data = random_bytes(1024);
// Encryption and authen
$ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
// the message is $tag . $ciphertext
// Change 1 bit in ciphertext
//$i = rand(0, mb_strlen($ciphertext, '8bit') - 1);
//$ciphertext[$i] = $ciphertext[$i] ^ chr(1);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
if (false === $decrypt) {
throw new Exception("Authentication failed!");
}
printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');
// Additional authenticated data
$aad = 'foo@domain.com';
$ciphertext = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
// the message is $aad . $tag . $ciphertext
// Change 1 bit in additional authenticated data
//$i = rand(0, mb_strlen($aad, '8bit') - 1);
//$aad[$i] = $aad[$i] ^ chr(1);
$decrypt = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
if (false === $decrypt) {
throw new Exception("Authentication failed!");
}
printf ("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment