Commit f503692

More tables as enums
1 parent 76e8bb4 commit f503692

12 files changed

Lines changed: 246 additions & 5 deletions

README.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,13 @@ Implemented (interface files) — ordered by RFC section
5151

5252
Enums / identifiers
5353

54+
- [`src/MLS/Enums/EpochSecrets.php`](src/MLS/Enums/EpochSecrets.php) — RFC 9420: Epoch-Derived Secrets ([Table 4](https://www.rfc-editor.org/rfc/rfc9420.html#table-4))
5455
- [`src/MLS/Enums/CipherSuite.php`](src/MLS/Enums/CipherSuite.php) — RFC 9420: Cipher Suites ([Table 6](https://www.rfc-editor.org/rfc/rfc9420.html#table-6) & [Table 7](https://www.rfc-editor.org/rfc/rfc9420.html#table-7))
56+
- [`src/MLS/Enums/KEM.php`](src/MLS/Enums/KEM.php) — HPKE KEM identifiers ([Table 7](https://www.rfc-editor.org/rfc/rfc9420.html#table-7))
57+
- [`src/MLS/Enums/KDF.php`](src/MLS/Enums/KDF.php) — KDF identifiers ([Table 7](https://www.rfc-editor.org/rfc/rfc9420.html#table-7))
58+
- [`src/MLS/Enums/AEAD.php`](src/MLS/Enums/AEAD.php) — AEAD identifiers ([Table 7](https://www.rfc-editor.org/rfc/rfc9420.html#table-7))
59+
- [`src/MLS/Enums/HashAlgorithm.php`](src/MLS/Enums/HashAlgorithm.php) — Hash algorithm identifiers ([Table 7](https://www.rfc-editor.org/rfc/rfc9420.html#table-7))
60+
- [`src/MLS/Enums/SignatureScheme.php`](src/MLS/Enums/SignatureScheme.php) — Signature scheme identifiers ([Table 7](https://www.rfc-editor.org/rfc/rfc9420.html#table-7))
5561
- [`src/MLS/Enums/MessageWireFormat.php`](src/MLS/Enums/MessageWireFormat.php) — RFC 9420: MLS Wire Formats ([Table 8](https://www.rfc-editor.org/rfc/rfc9420.html#table-9))
5662
- [`src/MLS/Enums/ExtensionType.php`](src/MLS/Enums/ExtensionType.php) — RFC 9420: MLS Extension Types ([Table 9](https://www.rfc-editor.org/rfc/rfc9420.html#table-9))
5763
- [`src/MLS/Enums/ProposalType.php`](src/MLS/Enums/ProposalType.php) — RFC 9420: MLS Proposal Types ([Table 10](https://www.rfc-editor.org/rfc/rfc9420.html#table-9))
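Review bot: In the unchanged entries directly below the added lines, the `MessageWireFormat.php` link is labelled Table 8 and the `ProposalType.php` link is labelled Table 10, but both point at `#table-9`. The added entries all use anchors that match their labels (`#table-4`, `#table-7`), so fix these two anchors in the same pass while the list is being edited.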
@@ -100,6 +106,12 @@ RFC coverage
100106
- Extensions & Transcript: extension and transcript interfaces included for payloads and hash tracking.
101107
- RFC registries mirrored: wire formats, proposal types, extension types, credential types, signature labels, and public-key encryption labels are represented under `src/MLS/Enums/`.
102108

109+
Registry details
110+
111+
- **Epoch-derived secrets (Table 4)**: common labels used by the key schedule are mirrored in `src/MLS/Enums/EpochSecrets.php`. Labels include `"sender data"`, `"encryption"`, `"exporter"`, `"external"`, `"confirm"`, `"membership"`, `"resumption"`, and `"authentication"`. Each label maps to a derived secret name (for example, `"confirm"``confirmation_key`) and a short-purpose description.
112+
113+
- **Cipher suites (Tables 6 & 7)**: the CipherSuite registry is represented in `src/MLS/Enums/CipherSuite.php`. It includes the initial MLS 1.0 suites (e.g. `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`) and GREASE/private-use ranges. The mandatory-to-implement suite for MLS 1.0 is `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`. Each suite exposes component mappings (KEM/KDF/AEAD/Hash/Signature) via helper accessors in the enum class.
114+
103115
Roadmap
104116

105117
1. Add KeyPackageBundle and EncryptedGroupSecrets interfaces.
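Review bot: In the added epoch-derived secrets bullet, the example reads `"confirm"``confirmation_key` with nothing between the two code spans, so the label-to-name mapping renders as one run; put a separator between them (for example: `"confirm"` maps to `confirmation_key`). The cipher suites bullet also names `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519` in two consecutive sentences; a single mention that states it is mandatory to implement is enough.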

src/MLS/Enums/AEAD.php

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
namespace MLS\Enums;
6+
7+
/**
8+
* AEAD identifiers referenced by MLS cipher suites (RFC 9420 Table 7)
9+
*/
10+
final class AEAD
11+
{
12+
public const AES128_GCM = 0x0001;
13+
public const AES256_GCM = 0x0002;
14+
public const CHACHA20_POLY1305 = 0x0003;
15+
16+
protected const NAME_MAP = [
17+
self::AES128_GCM => 'AES-128-GCM',
18+
self::AES256_GCM => 'AES-256-GCM',
19+
self::CHACHA20_POLY1305 => 'ChaCha20Poly1305',
20+
];
21+
22+
public function __construct()
23+
{
24+
}
25+
26+
public static function nameOf(int $value): ?string
27+
{
28+
return self::NAME_MAP[$value] ?? null;
29+
}
30+
}
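Review bot: `protected const NAME_MAP` sits in a `final class`, so no subclass can ever use the `protected` visibility; declare it `private const`. The empty `public function __construct()` also lets callers write `new AEAD()` on a class that carries only constants and a static `nameOf()`; make it private, or say in the docblock why an instance is needed. Both points apply equally to the other new files in this commit (`EpochSecrets`, `HashAlgorithm`, `KDF`, `KEM`).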

src/MLS/Enums/CipherSuite.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -144,7 +144,7 @@ final class CipherSuite
144144
],
145145
];
146146

147-
private function __construct()
147+
public function __construct()
148148
{
149149
}
150150
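Review bot: The constructor goes from `private` to `public` here with no reason given in the commit message ("More tables as enums"), and the same flip is made in `CredentialType`, `ExtensionType` and `PublicKeyEncryptionLabels`. The body stays empty, so the only visible effect is that the class becomes instantiable. Keep it `private`, or document what needs an instance.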

src/MLS/Enums/CredentialType.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ final class CredentialType
5959
self::X509 => true,
6060
];
6161

62-
private function __construct()
62+
public function __construct()
6363
{
6464
}
6565

src/MLS/Enums/EpochSecrets.php

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
namespace MLS\Enums;
6+
7+
/**
8+
* Epoch-derived secrets (RFC 9420 - Table 4)
9+
*/
10+
final class EpochSecrets
11+
{
12+
public const SENDER_DATA = 'sender data';
13+
public const ENCRYPTION = 'encryption';
14+
public const EXPORTER = 'exporter';
15+
public const EXTERNAL = 'external';
16+
public const CONFIRM = 'confirm';
17+
public const MEMBERSHIP = 'membership';
18+
public const RESUMPTION = 'resumption';
19+
public const AUTHENTICATION = 'authentication';
20+
21+
protected const SECRET_NAME = [
22+
self::SENDER_DATA => 'sender_data',
23+
self::ENCRYPTION => 'encryption_secret',
24+
self::EXPORTER => 'exporter_secret',
25+
self::EXTERNAL => 'external_secret',
26+
self::CONFIRM => 'confirmation_key',
27+
self::MEMBERSHIP => 'membership_key',
28+
self::RESUMPTION => 'resumption_psk',
29+
self::AUTHENTICATION => 'epoch_authenticator',
30+
];
31+
32+
protected const PURPOSE = [
33+
self::SENDER_DATA => 'Deriving keys to encrypt sender data',
34+
self::ENCRYPTION => 'Deriving message encryption keys (via the secret tree)',
35+
self::EXPORTER => 'Deriving exported secrets',
36+
self::EXTERNAL => 'Deriving the external init key',
37+
self::CONFIRM => 'Computing the confirmation MAC for an epoch',
38+
self::MEMBERSHIP => 'Computing the membership MAC for a PublicMessage',
39+
self::RESUMPTION => 'Proving membership in this epoch (via a PSK injected later)',
40+
self::AUTHENTICATION => 'Confirming that two clients have the same view of the group',
41+
];
42+
43+
public function __construct()
44+
{
45+
}
46+
47+
/**
48+
* Return all labels as defined in Table 4.
49+
*
50+
* @return string[]
51+
*/
52+
public static function labels(): array
53+
{
54+
return array_keys(self::SECRET_NAME);
55+
}
56+
57+
public static function secretNameOf(string $label): ?string
58+
{
59+
return self::SECRET_NAME[$label] ?? null;
60+
}
61+
62+
public static function purposeOf(string $label): ?string
63+
{
64+
return self::PURPOSE[$label] ?? null;
65+
}
66+
}
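Review bot: In `SECRET_NAME`, `self::SENDER_DATA => 'sender_data'` is the only `_secret`-style entry without its suffix; RFC 9420 Table 4 names this secret `sender_data_secret`, in line with `encryption_secret` and `exporter_secret` on the following lines. Change the value to `'sender_data_secret'`. Separately, `labels()` is derived from `SECRET_NAME` while `PURPOSE` is a second hand-maintained map over the same keys; a test asserting that both maps have identical keys would keep `purposeOf()` from returning null for a label that `labels()` reports.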

src/MLS/Enums/ExtensionType.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ final class ExtensionType
9191
self::EXTERNAL_SENDERS => true,
9292
];
9393

94-
private function __construct()
94+
public function __construct()
9595
{
9696
}
9797

src/MLS/Enums/HashAlgorithm.php

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
namespace MLS\Enums;
6+
7+
/**
8+
* Hash algorithms referenced in MLS cipher suites (Table 7)
9+
*/
10+
final class HashAlgorithm
11+
{
12+
public const SHA256 = 'SHA256';
13+
public const SHA384 = 'SHA384';
14+
public const SHA512 = 'SHA512';
15+
16+
protected const NAME_MAP = [
17+
self::SHA256 => 'SHA-256',
18+
self::SHA384 => 'SHA-384',
19+
self::SHA512 => 'SHA-512',
20+
];
21+
22+
public function __construct()
23+
{
24+
}
25+
26+
public static function nameOf(string $value): ?string
27+
{
28+
return self::NAME_MAP[$value] ?? null;
29+
}
30+
}
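Review bot: The constants here are strings (`'SHA256'`) and `nameOf()` takes `string`, while `AEAD`, `KDF` and `KEM` in this commit use integer values and `nameOf(int)`. State in the docblock that these are names rather than numeric identifiers, so a caller does not expect to pass a decoded integer. The docblock also says only "(Table 7)" where the sibling files say "RFC 9420 Table 7".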

src/MLS/Enums/KDF.php

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
namespace MLS\Enums;
6+
7+
/**
8+
* KDF identifiers referenced by MLS cipher suites (RFC 9420 Table 7)
9+
*/
10+
final class KDF
11+
{
12+
public const HKDF_SHA256 = 0x0001;
13+
public const HKDF_SHA384 = 0x0002;
14+
public const HKDF_SHA512 = 0x0003;
15+
16+
protected const NAME_MAP = [
17+
self::HKDF_SHA256 => 'HKDF-SHA256',
18+
self::HKDF_SHA384 => 'HKDF-SHA384',
19+
self::HKDF_SHA512 => 'HKDF-SHA512',
20+
];
21+
22+
public function __construct()
23+
{
24+
}
25+
26+
public static function nameOf(int $value): ?string
27+
{
28+
return self::NAME_MAP[$value] ?? null;
29+
}
30+
}

src/MLS/Enums/KEM.php

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
namespace MLS\Enums;
6+
7+
/**
8+
* HPKE KEM identifiers used by MLS (RFC 9420 Table 7)
9+
*/
10+
final class KEM
11+
{
12+
public const DHKEM_P256 = 0x0010;
13+
public const DHKEM_P384 = 0x0011;
14+
public const DHKEM_P521 = 0x0012;
15+
public const DHKEM_X25519 = 0x0020;
16+
public const DHKEM_X448 = 0x0021;
17+
18+
protected const NAME_MAP = [
19+
self::DHKEM_P256 => 'DHKEM(P-256)',
20+
self::DHKEM_P384 => 'DHKEM(P-384)',
21+
self::DHKEM_P521 => 'DHKEM(P-521)',
22+
self::DHKEM_X25519 => 'DHKEM(X25519)',
23+
self::DHKEM_X448 => 'DHKEM(X448)',
24+
];
25+
26+
public function __construct()
27+
{
28+
}
29+
30+
public static function nameOf(int $value): ?string
31+
{
32+
return self::NAME_MAP[$value] ?? null;
33+
}
34+
}

src/MLS/Enums/PublicKeyEncryptionLabels.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ final class PublicKeyEncryptionLabels
1717
self::WELCOME => true,
1818
];
1919

20-
private function __construct()
20+
public function __construct()
2121
{
2222
}
2323
