rfc:libsodium
Differences
This shows you the differences between two versions of the page.
rfc:libsodium [2016/06/01 14:09] – sarciszewski | rfc:libsodium [2017/09/22 13:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: Make Libsodium a Core Extension ====== | ====== PHP RFC: Make Libsodium a Core Extension ====== | ||
- | * Version: 0.3 | + | * Version: 0.5.1 |
- | * Date: 2016-01-07 | + | * Date: 2016-01-11 |
* Author: Scott Arciszewski, | * Author: Scott Arciszewski, | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
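Review bot: The Date field on the new side (2016-01-11) looks stale. The version moves from 0.3 to 0.5.1 in the same change, and the voting section added further down gives 2017-02-03 as the start of the vote. Update the date to the last substantive revision, or add a short changelog, so readers can tell which text the vote covered.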
Line 18: | Line 18: | ||
===== Proposal ===== | ===== Proposal ===== | ||
- | This proposal is to adopt the libsodium extension (as ext/sodium) in the PHP core in PHP 7.1.0. | + | This proposal is to adopt the libsodium extension (as ext/sodium) in the PHP core in PHP 7.2.0. |
Currently, the libsodium extension in PECL uses the `Sodium` namespace, which runs contrary to the coding standards. If this RFC adopted into the PHP core, the namespace can be changed to conform to the coding standards (pending the outcome of a secondary vote). | Currently, the libsodium extension in PECL uses the `Sodium` namespace, which runs contrary to the coding standards. If this RFC adopted into the PHP core, the namespace can be changed to conform to the coding standards (pending the outcome of a secondary vote). | ||
Line 59: | Line 59: | ||
* Conservative security. Great effort was taken to perform every security-critical operation in constant time. | * Conservative security. Great effort was taken to perform every security-critical operation in constant time. | ||
* Best-in-class elliptic curve cryptography. | * Best-in-class elliptic curve cryptography. | ||
+ | |||
+ | |||
+ | ===== Libsodium API Subset ===== | ||
+ | |||
+ | |||
+ | |||
+ | * Mainline NaCl Features | ||
+ | * \Sodium\crypto_auth() | ||
+ | * \Sodium\crypto_auth_verify() | ||
+ | * \Sodium\crypto_box() | ||
+ | * \Sodium\crypto_box_open() | ||
+ | * \Sodium\crypto_scalarmult() | ||
+ | * \Sodium\crypto_secretbox() | ||
+ | * \Sodium\crypto_secretbox_open() | ||
+ | * \Sodium\crypto_sign() | ||
+ | * \Sodium\crypto_sign_open() | ||
+ | * PECL Libsodium Features | ||
+ | * \Sodium\crypto_aead_chacha20poly1305_encrypt() | ||
+ | * \Sodium\crypto_aead_chacha20poly1305_decrypt() | ||
+ | * \Sodium\crypto_aead_chacha20poly1305_ietf_encrypt() | ||
+ | * \Sodium\crypto_aead_chacha20poly1305_ietf_decrypt() | ||
+ | * \Sodium\crypto_box_keypair() | ||
+ | * \Sodium\crypto_box_keypair_from_secretkey_and_publickey() | ||
+ | * \Sodium\crypto_box_publickey() | ||
+ | * \Sodium\crypto_box_publickey_from_secretkey() | ||
+ | * \Sodium\crypto_box_seal() | ||
+ | * \Sodium\crypto_box_seal_open() | ||
+ | * \Sodium\crypto_box_secretkey() | ||
+ | * \Sodium\crypto_generichash() | ||
+ | * \Sodium\crypto_generichash_init() | ||
+ | * \Sodium\crypto_generichash_update() | ||
+ | * \Sodium\crypto_generichash_final() | ||
+ | * \Sodium\crypto_kx() | ||
+ | * \Sodium\crypto_pwhash() | ||
+ | * \Sodium\crypto_pwhash_str() | ||
+ | * \Sodium\crypto_pwhash_str_verify() | ||
+ | * \Sodium\crypto_shorthash() | ||
+ | * \Sodium\crypto_sign_detached() | ||
+ | * \Sodium\crypto_sign_keypair() | ||
+ | * \Sodium\crypto_sign_publickey() | ||
+ | * \Sodium\crypto_sign_publickey_from_secretkey() | ||
+ | * \Sodium\crypto_sign_secretkey() | ||
+ | * \Sodium\crypto_sign_verify_detached() | ||
+ | * \Sodium\crypto_stream() | ||
+ | * \Sodium\crypto_stream_xor() | ||
+ | * \Sodium\compare() | ||
+ | * \Sodium\memzero() | ||
+ | * \Sodium\increment() | ||
+ | |||
+ | Because crypto_aead_encrypt() will be the CAESAR finalist, we should tentatively commit to adding that one day. https:// | ||
+ | |||
+ | We don't need crypto_aead_aes256gcm since that's provided by OpenSSL. We only provide ChaCha20-Poly1305 for e.g. Noise protocol integrations. | ||
+ | |||
+ | We don't need scrypt; we have crypto_pwhash() which is Argon2i. | ||
+ | |||
+ | We don't need several other utilities (bin2hex, hex2bin, etc.). Instead, we should make those existing mainline functions cache-timing safe. We MAY decide to add function aliases (e.g. \Sodium\bin2hex() -> \bin2hex()) for compatibility with software already written for ext/sodium. | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
- | This RFC targets PHP 7.1. | + | This RFC targets PHP 7.2. |
===== RFC Impact ===== | ===== RFC Impact ===== | ||
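Review bot: The closing paragraphs of the new "Libsodium API Subset" section leave the voted API open-ended. "We MAY decide to add function aliases (e.g. \Sodium\bin2hex() -> \bin2hex())" should be settled one way or the other before the vote, since it decides whether software already written for ext/sodium keeps working. "Instead, we should make those existing mainline functions cache-timing safe" is a change to the core bin2hex()/hex2bin() functions, which are outside the function list above; it needs its own entry under RFC Impact or should move to Future Scope. The crypto_aead_encrypt() sentence likewise names a function that is not in the list and treats the CAESAR outcome as already known; word it as a possible later addition.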
Line 68: | Line 124: | ||
I'm not aware of any potential impact that adopting ext/sodium will have on other RFCs. | I'm not aware of any potential impact that adopting ext/sodium will have on other RFCs. | ||
- | ==== New Constants ==== | + | |
+ | ===== Future Scope ===== | ||
+ | |||
+ | With libsodium in the PHP core, we may be able to update the Phar extension to support Ed25519 signatures. This will be a great boon for authentic PHP Archive distribution. The current best option, OpenSSL, may provide inadequate security. | ||
+ | |||
+ | ===== New Constants | ||
See the list of all libsodium constants in the reference. In every case, \Sodium\FOO will be transformed to SODIUM_FOO. | See the list of all libsodium constants in the reference. In every case, \Sodium\FOO will be transformed to SODIUM_FOO. | ||
< | < | ||
- | \Sodium\CRYPTO_AEAD_AES256GCM_KEYBYTES => | ||
- | \Sodium\CRYPTO_AEAD_AES256GCM_NSECBYTES => | ||
- | \Sodium\CRYPTO_AEAD_AES256GCM_NPUBBYTES => | ||
- | \Sodium\CRYPTO_AEAD_AES256GCM_ABYTES => | ||
\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES => | \Sodium\CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES => | ||
\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES => | \Sodium\CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES => | ||
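Review bot: In the new Future Scope section, "The current best option, OpenSSL, may provide inadequate security" is asserted without saying what is inadequate about the existing option for Phar signatures. Name the concrete concern or cite a reference; otherwise drop the sentence and keep the Ed25519 point on its own. Separately, promoting "New Constants" from ==== to ===== moves it out of RFC Impact and places it as a top-level section after Future Scope; if the promotion is intentional, it would read better next to the API subset list.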
Line 84: | Line 141: | ||
\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES => | \Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES => | ||
\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES => | \Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES => | ||
- | \Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES => | + | \Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES => |
\Sodium\CRYPTO_AUTH_BYTES => | \Sodium\CRYPTO_AUTH_BYTES => | ||
\Sodium\CRYPTO_AUTH_KEYBYTES => | \Sodium\CRYPTO_AUTH_KEYBYTES => | ||
Line 111: | Line 168: | ||
\Sodium\CRYPTO_PWHASH_OPSLIMIT_SENSITIVE => | \Sodium\CRYPTO_PWHASH_OPSLIMIT_SENSITIVE => | ||
\Sodium\CRYPTO_PWHASH_MEMLIMIT_SENSITIVE => | \Sodium\CRYPTO_PWHASH_MEMLIMIT_SENSITIVE => | ||
- | \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES => | ||
- | \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX => | ||
- | \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE => | ||
- | \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE => | ||
- | \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE => | ||
- | \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE => | ||
\Sodium\CRYPTO_SCALARMULT_BYTES => | \Sodium\CRYPTO_SCALARMULT_BYTES => | ||
\Sodium\CRYPTO_SCALARMULT_SCALARBYTES => | \Sodium\CRYPTO_SCALARMULT_SCALARBYTES => | ||
Line 132: | Line 183: | ||
\Sodium\CRYPTO_STREAM_NONCEBYTES => | \Sodium\CRYPTO_STREAM_NONCEBYTES => | ||
</ | </ | ||
- | |||
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
- | Vote YES to add ext/sodium to PHP 7.1. A 50%+1 majority should be sufficient. | ||
- | Second vote: Vote YES to keep the namespace (\Sodium\etc), | + | Voting starts on 2017-02-03 20:42 UTC and closes on 2017-02-10 21:00 UTC. |
+ | |||
+ | Vote YES to add ext/sodium to PHP 7.2. As per new voting rules, a 2/3 majority is required. | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
+ | |||
+ | Second vote: Vote YES to keep the namespace (\Sodium\etc), | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes, \Sodium\foo | ||
+ | * No, sodium_foo | ||
+ | </ | ||
+ | |||
+ | ===== Implementation ===== | ||
+ | |||
+ | - merged to PHP 7.2+ in http:// | ||
+ | - PHP manual section: yet missing | ||
===== References ===== | ===== References ===== |
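Review bot: The second poll ("Yes, \Sodium\foo" / "No, sodium_foo") conflicts with the New Constants section, which states unconditionally that "In every case, \Sodium\FOO will be transformed to SODIUM_FOO", and with the API subset list, which uses \Sodium\ names throughout. Make the function and constant naming explicitly conditional on the outcome of this vote. In the Implementation section, "PHP manual section: yet missing" should be replaced with a link once the documentation exists.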
rfc/libsodium.1464790157.txt.gz · Last modified: 2017/09/22 13:28 (external edit)