Add support for SCRAM-SHA-*-PLUS channel binding in PHP streams (e.g., tls-unique, tls-exporter)

[fabiang]

Description

Hello,

I'm the maintainer of the fabiang/sasl library, which implements various SASL mechanisms. Since many SASL mechanisms have been deprecated over the years due to security issues, I am interested in improving the security of the SCRAM-SHA-* SASL mechanisms.

The SCRAM-SHA-*-PLUS mechanisms offer better security through channel binding. The recommended channel binding types are:

• tls-unique for TLS <= 1.2
• tls-server-end-point
• tls-exporter for TLS >= 1.3

Currently, PHP lacks support for channel binding, as no API is exposed to access data from the underlying secure socket. Additionally, more and more server software is adding support for channel binding.

For example, Python:

• supports at least "tls-unique" through SSLSocket.get_channel_binding
• and has an open Pull Request for tls-exporter.

To enable this in PHP, a simple API to retrieve channel binding data from a stream context would be beneficial.

A potential function could:

• return data from OpenSSL's SSL_get_peer_finished when channel binding is set to "tls-unique" and TLS 1.2 is used,
• use OpenSSL's SSL_export_keying_material when channel binding is set to "tls-exporter" and TLS <= 1.3 is used,
• trigger a warning when "tls-unique" is used with TLS 1.3,
• and trigger an error if the stream or context is not a TLS connection.

(Note: "tls-exporter" should also be supported on TLS 1.2 connections.)

stream_crypto_channel_binding(resource $stream_or_context, string $channel_binding_type): string;

Making this function compatible with both streams and contexts should cover all use cases.

Thank you.

[Neustradamus]

@fabiang: Thanks for your ticket, a lot of PHP projects wait the solution to add -PLUS variants.