|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2021-12-06 17:09 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Operating System: Windows
+Operating System: *
[2021-12-06 17:09 UTC] cmb@php.net
[2021-12-16 12:26 UTC] git@php.net
[2021-12-16 12:26 UTC] git@php.net
-Status: Verified
+Status: Closed
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 18:01:28 2024 UTC |
Description: ------------ With PHP 7.4.10 Development Server on Windows platform (Build: C:\php-snap-build\php74\vc15\x64\obj\Release, extension=openssl enabled within php.ini) I have this problem: openssl_dh_compute_key apparently cannot deal with elliptic curve / ECDH. It could be I did not manage to find the trick as documentation/examples are missing how to use with ECDH rather than RSA or DH keys. openssl_dh_compute_key($pubkey, $dh_key) is checking parameter types. If successful it does not return NULL (but FALSE). I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages. What is wrong? Application of openssl_dh_compute_key or its implementation? Test script: --------------- // $dh_key // Secret brainpoolP384r1 key has been generated with: // $res = openssl_pkey_new($config); // $err = ! openssl_pkey_export($res, $privkey, "password", $config ); // file_put_contents($privkeyfile, $privkey) // // where $config = array("digest_alg" => "sha384", // "curve_name" => "brainpoolP384r1", // "private_key_type" => OPENSSL_KEYTYPE_EC, // "config" => $configfile, ); // // For ECDH purpose following code reads it again in and provides // $dh_key as a resource of type "OpenSSL key". This works well as // binary private key can be obtained by this code: // $dh_key_det = openssl_pkey_get_details($dh_key); // $dh_cont = $dh_key_det["ec"]["d"]; $key = file_get_contents($privkeyfile); $dh_key = openssl_get_privatekey($key, "password"); // $pubkey // $cert is a certificate in PEM format. // $pubkey is a string "-----BEGIN PUBLIC KEY----- MHow ... A4zQ== -----END PUBLIC KEY----- " $cert = file_get_contents($certfile); $x509 = openssl_x509_read($cert); $pubkeyid = openssl_get_publickey($x509); $pubkeyid_det = openssl_pkey_get_details($pubkeyid); $pubkey = $pubkeyid_det["key"]; // Now to the problem: $res = openssl_dh_compute_key($pubkey, $dh_key); // returning FALSE Expected result: ---------------- 1. Confirmation that openssl_dh_compute_key can handle ECDH, incl. brainpoolP384r1 curve. If not, please add. 2. Information about how to set parameters correctly within ECDH context, be it "brainpoolP384r1" or other curve. Actual result: -------------- openssl_dh_compute_key returning FALSE if parameters are correct type but still wrong. openssl_dh_compute_key returning NULL if parameters are not correct type. I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages. Lack of documentation, lack of examples.