
How Can We Use GCM Mode Encryption in PHP?

I have been reading a lot about GCM and how awesome it is and I would like to know how could I use AES-GCM authenticated encryption using PHP. Is it supported in mcrypt()? I found some references to GCM in the Codeigniter framework documentation which leads me to believe it is possible to use in Codeigniter.

And I also came across something in a doc about Zend. I'm not looking to use a Codeigniter driver though as I don't use any framework and don't intend to for my current projects. It seems to me however that if Codeigniter is able to do it then so should we be able to without the framework.

It seems as though GCM is the way to go for security as well as performance (I saw very impressive performance figures). My feeling is we need this but I can't find any examples. Someone must have an idea of how to accomplish this. I know it is supported by OpenSSL.

Any help will be greatly appreciated.

asked Jul 01 '14 21:07

xendi


2 Answers

You ask several questions here, so I'm going to address them separately as stated above:

Is it supported in mcrypt()?

No, mcrypt does not support AES encryption per se. It does, however, support Rijndael (pronounced like 'rain-doll'), which is the base algorithm for AES. AES is defined as a specific set of parameters for Rijndael, so you can use the appropriate parameters to match AES, but GCM mode is not available.

It seems as though GCM is the way to go for security as well as performance (I saw very impressive performance figures). My feeling is we need this but I can't find any examples.

Unfortunately, this is the wrong way to go about choosing a security model or implementation. Different algorithms and cipher modes have different uses, and applying the wrong mode, for example, can leave your application vulnerable to attacks even if you are using an apparently strong cipher like AES. GCM is very well spoken of because this mode offers encryption and authentication in one shot. Not all applications need both, or they may use them in such a way that weakens their designed strength. You will need to do your homework to ensure this is the correct mode to use for your application and what the current minimum parameters to use are.

Unless you are a security expert, you are much better off using a proven framework. It's never a good idea to implement your own encryption or security management because it is very easy to make mistakes that can leave you wide open to simple attacks. The best option is to find an open source, proven and tested, framework that does what you want to accomplish and carefully configure it to suit your needs. After that, it is key to keep the framework patched and up to date.

Since you mention performance statistics for AES-GCM, yes, it does perform very well on modern CPUs (i7 and newer), which have hardware support specifically designed to accelerate the operations needed. If your server or clients do not have hardware acceleration, AES-GCM will be much slower. In addition to actual hardware support, the software library you use is key, because it will need to invoke the needed hardware in order to take advantage of the increased speed.

I know it is supported by OpenSSL.

OpenSSL is one such library that implements AES-GCM, and it does take advantage of AES-NI (the hardware acceleration technology) when available.

The bad news is that the PHP extensions available today (early February 2015) do not support the specific library that implements AES-GCM. The rush to use GCM stems from the recent vulnerabilities found in the SSL protocol, which are finally forcing everyone to migrate to TLS and to an encryption mode with authentication. Even though security experts had been pushing for such a move for years, both server and browser makers had been dragging their feet waiting for each other to take the first steps toward Authenticated Encryption. We are finally starting to see movement in the right direction.

I believe later this year we will finally have AES-GCM in PHP, but for now it is not freely available.

Some info sources:

http://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption shows the EVP library, a high-level implementation of AES-GCM that takes advantage of AES-NI.

http://phpaes.com An AES implementation for PHP. I do not know if they have been properly tested, or if they use hardware acceleration. They do not offer GCM, but it may be a good learning tool.

answered Oct 30 '22 21:10

Security Aficionado
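
For readers on current PHP, here is an added example, not part of either answer, of AES-256-GCM through the OpenSSL extension mentioned above. It assumes PHP 7.1 or later, where openssl_encrypt() and openssl_decrypt() accept an authentication tag and associated data; the helper names gcm_encrypt() and gcm_decrypt() and the sample key and AAD are constructed for illustration.

```php
<?php
// Added example (not from the original answers). Assumes PHP >= 7.1 with the
// OpenSSL extension. gcm_encrypt()/gcm_decrypt() are hypothetical helper names.
declare(strict_types=1);

const GCM_CIPHER = 'aes-256-gcm';
const GCM_NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
const GCM_TAG_LEN = 16;   // full 128-bit authentication tag

function gcm_encrypt(string $plaintext, string $key, string $aad = ''): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    // A nonce must never repeat under the same key; draw it from the CSPRNG.
    $nonce = random_bytes(GCM_NONCE_LEN);
    $tag = '';
    $ct = openssl_encrypt($plaintext, GCM_CIPHER, $key, OPENSSL_RAW_DATA,
                          $nonce, $tag, $aad, GCM_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct); // nonce and tag are not secret
}

function gcm_decrypt(string $message, string $key, string $aad = ''): ?string
{
    $raw = base64_decode($message, true);
    if ($raw === false || strlen($raw) < GCM_NONCE_LEN + GCM_TAG_LEN) {
        return null; // malformed or truncated input
    }
    $nonce = substr($raw, 0, GCM_NONCE_LEN);
    $tag = substr($raw, GCM_NONCE_LEN, GCM_TAG_LEN);
    $ct = substr($raw, GCM_NONCE_LEN + GCM_TAG_LEN);
    // openssl_decrypt() yields false if the tag does not match ciphertext, AAD and key.
    $pt = openssl_decrypt($ct, GCM_CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    return $pt === false ? null : $pt;
}

$key = random_bytes(32);                        // constructed sample key
$aad = 'user-id=42';                            // constructed associated data
$msg = gcm_encrypt('secret note', $key, $aad);

var_dump(gcm_decrypt($msg, $key, $aad));         // correct key and AAD
var_dump(gcm_decrypt($msg, $key, 'user-id=43')); // different AAD

$raw = base64_decode($msg);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1); // flip one ciphertext bit
var_dump(gcm_decrypt(base64_encode($raw), $key, $aad));        // modified ciphertext
```

A null return from gcm_decrypt() means the message failed authentication and should be discarded as a whole.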


You can set the mode as a parameter for the initialize function:

$this->encryption->initialize(
        array('mode' => 'gcm')
);

To use this code, you of course have to use CI and its encryption classes:

$this->load->library('encryption');

You can also change the cipher, driver and key inside the initialize method. For more information, have a look at http://www.storycon.us/ci3/libraries/encryption.html#id11

answered Oct 30 '22 19:10

Philipp