I'm running PHP 7.2.8. According to openssl_get_cipher_methods chacha20-poly1305 is a supported algorithm:
echo in_array('chacha20-poly1305', openssl_get_cipher_methods()) ? 'yes' : 'no';
That outputs "yes".
So I tried to use chacha20-poly1305:
$plaintext = 'zzzzzz';
$key = str_repeat('k', 32);
$nonce = str_repeat('n', 12);
$aad = '';
$r = openssl_encrypt(
$plaintext,
'chacha20-poly1305',
$key,
OPENSSL_RAW_DATA,
$nonce,
$newtag,
$aad
);
echo bin2hex($r);
That output a PHP warning:
Warning: openssl_encrypt(): The authenticated tag cannot be provided for cipher that doesn not support AEAD
$r was f4854428b8a8.
I was able to get the same output for r with chacha20 (ie. no poly1305 by doing this):
$r = openssl_encrypt(
$plaintext,
'chacha20',
$key,
OPENSSL_RAW_DATA,
"\1\0\0\0" . $nonce
);
The fact that the output is the same means that the Poly1305 authentication code is neither being appended or prepended to the ciphertext.
My question is... how do I get the Poly1305 authentication code using OpenSSL in PHP?
Also, I'm aware that libsodium provides chacha20-poly1305 support but I am, none-the-less, still curious as to how it's supposed to work with OpenSSL.
