rfc:libsodium

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
rfc:libsodium [2017/01/11 18:18] sarciszewskirfc:libsodium [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== PHP RFC: Make Libsodium a Core Extension ====== ====== PHP RFC: Make Libsodium a Core Extension ======
-  * Version: 0.4.0+  * Version: 0.5.1
   * Date: 2016-01-11   * Date: 2016-01-11
   * Author: Scott Arciszewski, scott@paragonie.com   * Author: Scott Arciszewski, scott@paragonie.com
-  * Status: Under Discussion+  * Status: Implemented
   * First Published at: http://wiki.php.net/rfc/libsodium   * First Published at: http://wiki.php.net/rfc/libsodium
  
Line 76: Line 76:
     * \Sodium\crypto_sign_open()     * \Sodium\crypto_sign_open()
   * PECL Libsodium Features   * PECL Libsodium Features
 +    * \Sodium\crypto_aead_chacha20poly1305_encrypt()
 +    * \Sodium\crypto_aead_chacha20poly1305_decrypt()
 +    * \Sodium\crypto_aead_chacha20poly1305_ietf_encrypt()
 +    * \Sodium\crypto_aead_chacha20poly1305_ietf_decrypt()
 +    * \Sodium\crypto_box_keypair()
 +    * \Sodium\crypto_box_keypair_from_secretkey_and_publickey()
 +    * \Sodium\crypto_box_publickey()
 +    * \Sodium\crypto_box_publickey_from_secretkey()
     * \Sodium\crypto_box_seal()     * \Sodium\crypto_box_seal()
     * \Sodium\crypto_box_seal_open()     * \Sodium\crypto_box_seal_open()
 +    * \Sodium\crypto_box_secretkey()
     * \Sodium\crypto_generichash()     * \Sodium\crypto_generichash()
     * \Sodium\crypto_generichash_init()     * \Sodium\crypto_generichash_init()
Line 88: Line 97:
     * \Sodium\crypto_shorthash()     * \Sodium\crypto_shorthash()
     * \Sodium\crypto_sign_detached()     * \Sodium\crypto_sign_detached()
 +    * \Sodium\crypto_sign_keypair()
 +    * \Sodium\crypto_sign_publickey()
 +    * \Sodium\crypto_sign_publickey_from_secretkey()
 +    * \Sodium\crypto_sign_secretkey()
     * \Sodium\crypto_sign_verify_detached()     * \Sodium\crypto_sign_verify_detached()
     * \Sodium\crypto_stream()     * \Sodium\crypto_stream()
Line 95: Line 108:
     * \Sodium\increment()     * \Sodium\increment()
  
-We don't need crypto_aead_*() yet. We can get AES-GCM via OpenSSL as of PHP 7.1, and crypto_aead_encrypt() will be the CAESAR finalist. https://competitions.cr.yp.to/caesar.html+Because crypto_aead_encrypt() will be the CAESAR finalist, we should tentatively commit to adding that one day. https://competitions.cr.yp.to/caesar.html 
 + 
 +We don't need crypto_aead_aes256gcm since that's provided by OpenSSL. We only provide ChaCha20-Poly1305 for e.g. Noise protocol integrations.
  
 We don't need scrypt; we have crypto_pwhash() which is Argon2i. We don't need scrypt; we have crypto_pwhash() which is Argon2i.
Line 109: Line 124:
 I'm not aware of any potential impact that adopting ext/sodium will have on other RFCs. I'm not aware of any potential impact that adopting ext/sodium will have on other RFCs.
  
-==== New Constants ====+ 
 +===== Future Scope ===== 
 + 
 +With libsodium in the PHP core, we may be able to update the Phar extension to support Ed25519 signatures. This will be a great boon for authentic PHP Archive distribution. The current best option, OpenSSL, may provide inadequate security. 
 + 
 +===== New Constants =====
  
 See the list of all libsodium constants in the reference. In every case, \Sodium\FOO will be transformed to SODIUM_FOO. See the list of all libsodium constants in the reference. In every case, \Sodium\FOO will be transformed to SODIUM_FOO.
  
 <code> <code>
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES => 32
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES => 0
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES => 8
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_ABYTES => 16
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES => 32
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES => 0
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES => 12
 +\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES => 16 
 \Sodium\CRYPTO_AUTH_BYTES => 32 \Sodium\CRYPTO_AUTH_BYTES => 32
 \Sodium\CRYPTO_AUTH_KEYBYTES => 32 \Sodium\CRYPTO_AUTH_KEYBYTES => 32
Line 158: Line 186:
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
  
-Vote YES to add ext/sodium to PHP 7.2. A 50%+1 majority should be sufficient. 
  
-Second vote: Vote YES to keep the namespace (\Sodium\etc), vote NO to switch to a prefix in the global namespace (sodium_etc). This constitutes an inconsistency with PHP's coding standard and therefore should require a 2/3 majority.+Voting starts on 2017-02-03 20:42 UTC and closes on 2017-02-10 21:00 UTC. 
 + 
 +Vote YES to add ext/sodium to PHP 7.2. As per new voting rules, a 2/3 majority is required. 
 + 
 +<doodle title="Libsodium as a Core Extension in PHP 7.2" auth="sarciszewski" voteType="single" closed="true"> 
 +   * Yes 
 +   * No 
 +</doodle> 
 + 
 +Second vote: Vote YES to keep the namespace (\Sodium\etc), vote NO to switch to a prefix in the global namespace (sodium_etc). 2/3 majority is also required for "Yes" to be acceptedThe default is for "No"
 + 
 +<doodle title="Use the current PECL syntax?" auth="sarciszewski" voteType="single" closed="true"> 
 +   * Yes, \Sodium\foo 
 +   * No, sodium_foo 
 +</doodle> 
 + 
 +===== Implementation ===== 
 +  
 +  - merged to PHP 7.2+ in http://git.php.net/?p=php-src.git;a=commit;h=5cfa26c18189ae5e0ae8bb1eac5dd0e213a2bb3e 
 +  - PHP manual section: yet missing
  
 ===== References ===== ===== References =====
rfc/libsodium.1484158692.txt.gz · Last modified: 2017/09/22 13:28 (external edit)