rfc:libsodium

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rfc:libsodium [2017/01/11 18:18] sarciszewskirfc:libsodium [2017/08/08 15:27] – this RFC has already been implemented cmb
Line 1: Line 1:
 ====== PHP RFC: Make Libsodium a Core Extension ====== ====== PHP RFC: Make Libsodium a Core Extension ======
-  * Version: 0.4.0+  * Version: 0.5.1
   * Date: 2016-01-11   * Date: 2016-01-11
   * Author: Scott Arciszewski, scott@paragonie.com   * Author: Scott Arciszewski, scott@paragonie.com
-  * Status: Under Discussion+  * Status: Implemented
   * First Published at: http://wiki.php.net/rfc/libsodium   * First Published at: http://wiki.php.net/rfc/libsodium
  
Line 76: Line 76:
     * \Sodium\crypto_sign_open()     * \Sodium\crypto_sign_open()
   * PECL Libsodium Features   * PECL Libsodium Features
 +    * \Sodium\crypto_aead_chacha20poly1305_encrypt()
 +    * \Sodium\crypto_aead_chacha20poly1305_decrypt()
 +    * \Sodium\crypto_aead_chacha20poly1305_ietf_encrypt()
 +    * \Sodium\crypto_aead_chacha20poly1305_ietf_decrypt()
 +    * \Sodium\crypto_box_keypair()
 +    * \Sodium\crypto_box_keypair_from_secretkey_and_publickey()
 +    * \Sodium\crypto_box_publickey()
 +    * \Sodium\crypto_box_publickey_from_secretkey()
     * \Sodium\crypto_box_seal()     * \Sodium\crypto_box_seal()
     * \Sodium\crypto_box_seal_open()     * \Sodium\crypto_box_seal_open()
 +    * \Sodium\crypto_box_secretkey()
     * \Sodium\crypto_generichash()     * \Sodium\crypto_generichash()
     * \Sodium\crypto_generichash_init()     * \Sodium\crypto_generichash_init()
Line 88: Line 97:
     * \Sodium\crypto_shorthash()     * \Sodium\crypto_shorthash()
     * \Sodium\crypto_sign_detached()     * \Sodium\crypto_sign_detached()
 +    * \Sodium\crypto_sign_keypair()
 +    * \Sodium\crypto_sign_publickey()
 +    * \Sodium\crypto_sign_publickey_from_secretkey()
 +    * \Sodium\crypto_sign_secretkey()
     * \Sodium\crypto_sign_verify_detached()     * \Sodium\crypto_sign_verify_detached()
     * \Sodium\crypto_stream()     * \Sodium\crypto_stream()
Line 95: Line 108:
     * \Sodium\increment()     * \Sodium\increment()
  
-We don't need crypto_aead_*() yet. We can get AES-GCM via OpenSSL as of PHP 7.1, and crypto_aead_encrypt() will be the CAESAR finalist. https://competitions.cr.yp.to/caesar.html+Because crypto_aead_encrypt() will be the CAESAR finalist, we should tentatively commit to adding that one day. https://competitions.cr.yp.to/caesar.html 
 + 
 +We don't need crypto_aead_aes256gcm since that's provided by OpenSSL. We only provide ChaCha20-Poly1305 for e.g. Noise protocol integrations.
  
 We don't need scrypt; we have crypto_pwhash() which is Argon2i. We don't need scrypt; we have crypto_pwhash() which is Argon2i.
Line 109: Line 124:
 I'm not aware of any potential impact that adopting ext/sodium will have on other RFCs. I'm not aware of any potential impact that adopting ext/sodium will have on other RFCs.
  
-==== New Constants ====+ 
 +===== Future Scope ===== 
 + 
 +With libsodium in the PHP core, we may be able to update the Phar extension to support Ed25519 signatures. This will be a great boon for authentic PHP Archive distribution. The current best option, OpenSSL, may provide inadequate security. 
 + 
 +===== New Constants =====
  
 See the list of all libsodium constants in the reference. In every case, \Sodium\FOO will be transformed to SODIUM_FOO. See the list of all libsodium constants in the reference. In every case, \Sodium\FOO will be transformed to SODIUM_FOO.
  
 <code> <code>
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES => 32
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES => 0
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES => 8
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_ABYTES => 16
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES => 32
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES => 0
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES => 12
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES => 16 
 \Sodium\CRYPTO_AUTH_BYTES => 32 \Sodium\CRYPTO_AUTH_BYTES => 32
 \Sodium\CRYPTO_AUTH_KEYBYTES => 32 \Sodium\CRYPTO_AUTH_KEYBYTES => 32
Line 158: Line 186:
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
  
-Vote YES to add ext/sodium to PHP 7.2. A 50%+1 majority should be sufficient. 
  
-Second vote: Vote YES to keep the namespace (\Sodium\etc), vote NO to switch to a prefix in the global namespace (sodium_etc). This constitutes an inconsistency with PHP's coding standard and therefore should require a 2/3 majority.+Voting starts on 2017-02-03 20:42 UTC and closes on 2017-02-10 21:00 UTC. 
 + 
 +Vote YES to add ext/sodium to PHP 7.2. As per new voting rules, a 2/3 majority is required. 
 + 
 +<doodle title="Libsodium as a Core Extension in PHP 7.2" auth="sarciszewski" voteType="single" closed="true"> 
 +   * Yes 
 +   * No 
 +</doodle> 
 + 
 +Second vote: Vote YES to keep the namespace (\Sodium\etc), vote NO to switch to a prefix in the global namespace (sodium_etc). 2/3 majority is also required for "Yes" to be acceptedThe default is for "No"
 + 
 +<doodle title="Use the current PECL syntax?" auth="sarciszewski" voteType="single" closed="true"> 
 +   * Yes, \Sodium\foo 
 +   * No, sodium_foo 
 +</doodle> 
 + 
 +===== Implementation ===== 
 +  
 +  - merged to PHP 7.2+ in http://git.php.net/?p=php-src.git;a=commit;h=5cfa26c18189ae5e0ae8bb1eac5dd0e213a2bb3e 
 +  - PHP manual section: yet missing
  
 ===== References ===== ===== References =====
rfc/libsodium.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools