CipherSuite

Author: valzargaming

README.md

@@ -51,6 +51,7 @@ Implemented (interface files) — ordered by RFC section
 
 Enums / identifiers
 
+ - [`src/MLS/Enums/CipherSuite.php`](src/MLS/Enums/CipherSuite.php) — RFC 9420: Cipher Suites ([Table 6](https://www.rfc-editor.org/rfc/rfc9420.html#table-6) & [Table 7](https://www.rfc-editor.org/rfc/rfc9420.html#table-7))
  - [`src/MLS/Enums/MessageWireFormat.php`](src/MLS/Enums/MessageWireFormat.php) — RFC 9420: MLS Wire Formats ([Table 8](https://www.rfc-editor.org/rfc/rfc9420.html#table-9))
  - [`src/MLS/Enums/ExtensionType.php`](src/MLS/Enums/ExtensionType.php) — RFC 9420: MLS Extension Types ([Table 9](https://www.rfc-editor.org/rfc/rfc9420.html#table-9))
  - [`src/MLS/Enums/ProposalType.php`](src/MLS/Enums/ProposalType.php) — RFC 9420: MLS Proposal Types ([Table 10](https://www.rfc-editor.org/rfc/rfc9420.html#table-9))

src/MLS/Enums/CipherSuite.php

@@ -0,0 +1,203 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MLS\Enums;
+
+/**
+ * MLS Cipher Suites (RFC 9420 - Section 17.1, Tables 6 & 7)
+ */
+final class CipherSuite
+{
+    public const RESERVED = 0x0000;
+
+    public const MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 0x0001;
+    public const MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 0x0002;
+    public const MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 0x0003;
+    public const MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 0x0004;
+    public const MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 0x0005;
+    public const MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 0x0006;
+    public const MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 0x0007;
+
+    // GREASE values
+    public const GREASE_0A0A = 0x0A0A;
+    public const GREASE_1A1A = 0x1A1A;
+    public const GREASE_2A2A = 0x2A2A;
+    public const GREASE_3A3A = 0x3A3A;
+    public const GREASE_4A4A = 0x4A4A;
+    public const GREASE_5A5A = 0x5A5A;
+    public const GREASE_6A6A = 0x6A6A;
+    public const GREASE_7A7A = 0x7A7A;
+    public const GREASE_8A8A = 0x8A8A;
+    public const GREASE_9A9A = 0x9A9A;
+    public const GREASE_AAAA = 0xAAAA;
+    public const GREASE_BABA = 0xBABA;
+    public const GREASE_CACA = 0xCACA;
+    public const GREASE_DADA = 0xDADA;
+    public const GREASE_EAEA = 0xEAEA;
+
+    public const PRIVATE_USE_START = 0xF000;
+    public const PRIVATE_USE_END = 0xFFFF;
+
+    protected const NAME_MAP = [
+        self::RESERVED => 'reserved',
+        self::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 => 'MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519',
+        self::MLS_128_DHKEMP256_AES128GCM_SHA256_P256 => 'MLS_128_DHKEMP256_AES128GCM_SHA256_P256',
+        self::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 => 'MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519',
+        self::MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 => 'MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448',
+        self::MLS_256_DHKEMP521_AES256GCM_SHA512_P521 => 'MLS_256_DHKEMP521_AES256GCM_SHA512_P521',
+        self::MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 => 'MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448',
+        self::MLS_256_DHKEMP384_AES256GCM_SHA384_P384 => 'MLS_256_DHKEMP384_AES256GCM_SHA384_P384',
+        self::GREASE_0A0A => 'grease_0a0a',
+        self::GREASE_1A1A => 'grease_1a1a',
+        self::GREASE_2A2A => 'grease_2a2a',
+        self::GREASE_3A3A => 'grease_3a3a',
+        self::GREASE_4A4A => 'grease_4a4a',
+        self::GREASE_5A5A => 'grease_5a5a',
+        self::GREASE_6A6A => 'grease_6a6a',
+        self::GREASE_7A7A => 'grease_7a7a',
+        self::GREASE_8A8A => 'grease_8a8a',
+        self::GREASE_9A9A => 'grease_9a9a',
+        self::GREASE_AAAA => 'grease_aaaa',
+        self::GREASE_BABA => 'grease_baba',
+        self::GREASE_CACA => 'grease_caca',
+        self::GREASE_DADA => 'grease_dada',
+        self::GREASE_EAEA => 'grease_eaea',
+    ];
+
+    // Recommended flags per registry (true = recommended)
+    protected const RECOMMENDED = [
+        self::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 => true,
+        self::MLS_128_DHKEMP256_AES128GCM_SHA256_P256 => true,
+        self::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 => true,
+        self::MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 => true,
+        self::MLS_256_DHKEMP521_AES256GCM_SHA512_P521 => true,
+        self::MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 => true,
+        self::MLS_256_DHKEMP384_AES256GCM_SHA384_P384 => true,
+        self::GREASE_0A0A => true,
+        self::GREASE_1A1A => true,
+        self::GREASE_2A2A => true,
+        self::GREASE_3A3A => true,
+        self::GREASE_4A4A => true,
+        self::GREASE_5A5A => true,
+        self::GREASE_6A6A => true,
+        self::GREASE_7A7A => true,
+        self::GREASE_8A8A => true,
+        self::GREASE_9A9A => true,
+        self::GREASE_AAAA => true,
+        self::GREASE_BABA => true,
+        self::GREASE_CACA => true,
+        self::GREASE_DADA => true,
+        self::GREASE_EAEA => true,
+    ];
+
+    // Component mapping per cipher suite (Table 7)
+    protected const COMPONENTS = [
+        self::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 => [
+            'kem' => 0x0020,
+            'kdf' => 0x0001,
+            'aead' => 0x0001,
+            'hash' => 'SHA256',
+            'signature' => 'ed25519',
+        ],
+        self::MLS_128_DHKEMP256_AES128GCM_SHA256_P256 => [
+            'kem' => 0x0010,
+            'kdf' => 0x0001,
+            'aead' => 0x0001,
+            'hash' => 'SHA256',
+            'signature' => 'ecdsa_secp256r1_sha256',
+        ],
+        self::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 => [
+            'kem' => 0x0020,
+            'kdf' => 0x0001,
+            'aead' => 0x0003,
+            'hash' => 'SHA256',
+            'signature' => 'ed25519',
+        ],
+        self::MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 => [
+            'kem' => 0x0021,
+            'kdf' => 0x0003,
+            'aead' => 0x0002,
+            'hash' => 'SHA512',
+            'signature' => 'ed448',
+        ],
+        self::MLS_256_DHKEMP521_AES256GCM_SHA512_P521 => [
+            'kem' => 0x0012,
+            'kdf' => 0x0003,
+            'aead' => 0x0002,
+            'hash' => 'SHA512',
+            'signature' => 'ecdsa_secp521r1_sha512',
+        ],
+        self::MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 => [
+            'kem' => 0x0021,
+            'kdf' => 0x0003,
+            'aead' => 0x0003,
+            'hash' => 'SHA512',
+            'signature' => 'ed448',
+        ],
+        self::MLS_256_DHKEMP384_AES256GCM_SHA384_P384 => [
+            'kem' => 0x0011,
+            'kdf' => 0x0002,
+            'aead' => 0x0002,
+            'hash' => 'SHA384',
+            'signature' => 'ecdsa_secp384r1_sha384',
+        ],
+    ];
+
+    private function __construct()
+    {
+    }
+
+    public static function nameOf(int $value): ?string
+    {
+        if (isset(self::NAME_MAP[$value])) {
+            return self::NAME_MAP[$value];
+        }
+
+        if ($value >= self::PRIVATE_USE_START && $value <= self::PRIVATE_USE_END) {
+            return 'private_use';
+        }
+
+        return null;
+    }
+
+    public static function isRecommended(int $value): ?bool
+    {
+        return self::RECOMMENDED[$value] ?? null;
+    }
+
+    public static function isPrivateUse(int $value): bool
+    {
+        return $value >= self::PRIVATE_USE_START && $value <= self::PRIVATE_USE_END;
+    }
+
+    public static function componentsOf(int $value): ?array
+    {
+        return self::COMPONENTS[$value] ?? null;
+    }
+
+    public static function kemOf(int $value): ?int
+    {
+        return isset(self::COMPONENTS[$value]) ? self::COMPONENTS[$value]['kem'] : null;
+    }
+
+    public static function kdfOf(int $value): ?int
+    {
+        return isset(self::COMPONENTS[$value]) ? self::COMPONENTS[$value]['kdf'] : null;
+    }
+
+    public static function aeadOf(int $value): ?int
+    {
+        return isset(self::COMPONENTS[$value]) ? self::COMPONENTS[$value]['aead'] : null;
+    }
+
+    public static function hashOf(int $value): ?string
+    {
+        return isset(self::COMPONENTS[$value]) ? self::COMPONENTS[$value]['hash'] : null;
+    }
+
+    public static function signatureOf(int $value): ?string
+    {
+        return isset(self::COMPONENTS[$value]) ? self::COMPONENTS[$value]['signature'] : null;
+    }
+}

src/MLS/Enums/CredentialType.php

@@ -33,7 +33,7 @@ final class CredentialType
     public const PRIVATE_USE_START = 0xF000;
     public const PRIVATE_USE_END = 0xFFFF;
 
-    private const NAME_MAP = [
+    protected const NAME_MAP = [
         self::RESERVED => 'reserved',
         self::BASIC => 'basic',
         self::X509 => 'x509',
@@ -54,7 +54,7 @@ final class CredentialType
         self::GREASE_EAEA => 'grease_eaea',
     ];
 
-    private const RECOMMENDED = [
+    protected const RECOMMENDED = [
         self::BASIC => true,
         self::X509 => true,
     ];

src/MLS/Enums/ExtensionType.php

@@ -36,7 +36,7 @@ final class ExtensionType
     public const PRIVATE_USE_START = 0xF000;
     public const PRIVATE_USE_END = 0xFFFF;
 
-    private const NAME_MAP = [
+    protected const NAME_MAP = [
         self::RESERVED => 'reserved',
         self::APPLICATION_ID => 'application_id',
         self::RATCHET_TREE => 'ratchet_tree',
@@ -60,7 +60,7 @@ final class ExtensionType
         self::GREASE_EAEA => 'grease_eaea',
     ];
 
-    private const MESSAGE_MAP = [
+    protected const MESSAGE_MAP = [
         self::APPLICATION_ID => ['LN'],
         self::RATCHET_TREE => ['GI'],
         self::REQUIRED_CAPABILITIES => ['GC'],
@@ -83,7 +83,7 @@ final class ExtensionType
         self::GREASE_EAEA => ['KP','GI','LN'],
     ];
 
-    private const RECOMMENDED = [
+    protected const RECOMMENDED = [
         self::APPLICATION_ID => true,
         self::RATCHET_TREE => true,
         self::REQUIRED_CAPABILITIES => true,

src/MLS/Enums/MessageWireFormat.php

@@ -12,26 +12,26 @@ final class MessageWireFormat
 {
     public const RESERVED = 0x0000;
     public const MLS_PUBLIC_MESSAGE = 0x0001;
-    public const MLS_protected_MESSAGE = 0x0002;
+    public const MLS_PRIVATE_MESSAGE = 0x0002;
     public const MLS_WELCOME = 0x0003;
     public const MLS_GROUP_INFO = 0x0004;
     public const MLS_KEY_PACKAGE = 0x0005;
 
-    public const protected_USE_START = 0xF000;
-    public const protected_USE_END = 0xFFFF;
+    public const PRIVATE_USE_START = 0xF000;
+    public const PRIVATE_USE_END = 0xFFFF;
 
     protected const NAME_MAP = [
         self::RESERVED => 'reserved',
         self::MLS_PUBLIC_MESSAGE => 'mls_public_message',
-        self::MLS_protected_MESSAGE => 'mls_protected_message',
+        self::MLS_PRIVATE_MESSAGE => 'mls_private_message',
         self::MLS_WELCOME => 'mls_welcome',
         self::MLS_GROUP_INFO => 'mls_group_info',
         self::MLS_KEY_PACKAGE => 'mls_key_package',
     ];
 
     protected const RECOMMENDED = [
         self::MLS_PUBLIC_MESSAGE => true,
-        self::MLS_protected_MESSAGE => true,
+        self::MLS_PRIVATE_MESSAGE => true,
         self::MLS_WELCOME => true,
         self::MLS_GROUP_INFO => true,
         self::MLS_KEY_PACKAGE => true,
@@ -47,8 +47,8 @@ public static function nameOf(int $value): ?string
             return self::NAME_MAP[$value];
         }
 
-        if ($value >= self::protected_USE_START && $value <= self::protected_USE_END) {
-            return 'protected_use';
+        if ($value >= self::PRIVATE_USE_START && $value <= self::PRIVATE_USE_END) {
+            return 'private_use';
         }
 
         return null;
@@ -63,8 +63,8 @@ public static function isRecommended(int $value): ?bool
         return self::RECOMMENDED[$value] ?? null;
     }
 
-    public static function isprotectedUse(int $value): bool
+    public static function isPrivateUse(int $value): bool
     {
-        return $value >= self::protected_USE_START && $value <= self::protected_USE_END;
+        return $value >= self::PRIVATE_USE_START && $value <= self::PRIVATE_USE_END;
     }
 }

src/MLS/Enums/ProposalType.php

@@ -37,7 +37,7 @@ final class ProposalType
     public const GREASE_DADA = 0xDADA;
     public const GREASE_EAEA = 0xEAEA;
 
-    // Private use range
+    // protected use range
     public const PRIVATE_USE_START = 0xF000;
     public const PRIVATE_USE_END = 0xFFFF;
 
@@ -71,7 +71,7 @@ final class ProposalType
      * Metadata per proposal type: [recommended(bool), external(?bool), pathRequired(?bool)]
      * Where "?bool" can be null when RFC marks '-' (not applicable/unspecified).
      */
-    private const META = [
+    protected const META = [
         self::RESERVED => [false, null, null],
         self::ADD => [true, true, false],
         self::UPDATE => [true, false, true],

src/MLS/Enums/PublicKeyEncryptionLabels.php

@@ -12,7 +12,7 @@ final class PublicKeyEncryptionLabels
     public const UPDATE_PATH_NODE = 'UpdatePathNode';
     public const WELCOME = 'Welcome';
 
-    private const RECOMMENDED = [
+    protected const RECOMMENDED = [
         self::UPDATE_PATH_NODE => true,
         self::WELCOME => true,
     ];

src/MLS/Enums/SignatureLabels.php

@@ -14,7 +14,7 @@ final class SignatureLabels
     public const KEY_PACKAGE_TBS = 'KeyPackageTBS';
     public const GROUP_INFO_TBS = 'GroupInfoTBS';
 
-    private const RECOMMENDED = [
+    protected const RECOMMENDED = [
         self::FRAMED_CONTENT_TBS => true,
         self::LEAF_NODE_TBS => true,
         self::KEY_PACKAGE_TBS => true,

src/MLS/Signature/SignatureSchemeInterface.php

@@ -17,7 +17,7 @@ interface SignatureSchemeInterface
 {
     public function getId(): int;
 
-    public function sign(string $message, string $privateKey): string;
+    public function sign(string $message, string $protectedKey): string;
 
     public function verify(string $message, string $signature, string $publicKey): bool;
 }