Warning when use \Phalcon\Crypt with aes-256-gcm

[michalzielanski]

Expected and Actual Behavior

It should work without warning.

Output:

Warning: openssl_encrypt(): A tag should be provided when using AEAD mode in /(...)/index.php on line 5

Script to reproduce the issue:

<?php
$crypt = new \Phalcon\Crypt('aes-256-gcm', true);
$crypt->setKey("12181\xda6935\xca37\xed\xeb\x14\xde\x46461\xea\xc8\x9832\x90108\xfc10575\xb275\xa3\x93\xd4\xa637\xb3\xbd");
$crypt->setHashAlgo('sha512');
echo $crypt->encrypt('Top secret');

Details

• Phalcon version: (php --ri phalcon)
  Version => 3.4.2
  Powered by Zephir => Version 0.10.14-975ad02db4
• PHP Version: (php -v)
  PHP 7.2.14 ( NTS )
  Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
  with Zend OPcache v7.2.14, Copyright (c) 1999-2018, by Zend Technologies
  with Xdebug v2.6.1, Copyright (c) 2002-2018, by Derick Rethans
• Operating System:
  Ubuntu 18.10
• Installation type:
  Compiling from source

[Jeckerson]

Did you tried to set key as second param in encrypt method?
Ex: $crypt->encrypt('Top secret', 'KEY');

[michalzielanski]

No, but it does not matter. Look at the code:

cphalcon/phalcon/crypt.zep

Line 402 in 171b6cd

let encrypted = openssl_encrypt(padded, cipher, encryptKey, OPENSSL_RAW_DATA, iv);

The sixth argument (tag) is never passed.
From PHP documentation:

tag
The authentication tag passed by reference when using AEAD cipher mode (GCM or CCM).

[Jeckerson]

Yep, at first I didn't count arguments and thought that iv is in corrent position...

Seems that Phalcon doesn't support GCM or CCM modes.

[michalzielanski]

Documentation suggests using aes-256-gcm.

The `aes-256-gcm' is the preferable cipher, but it is not usable until the
openssl library is upgraded, which is available in PHP 7.1.

[niden]

Resolved in #14079