Welcome! Log In Create A New Profile

Advanced

[PHP-DEV] [RFC] libsodium (PHP 7.2)

Posted by Scott Arciszewski 
Scott Arciszewski
[PHP-DEV] [RFC] libsodium (PHP 7.2)
January 11, 2017 07:30PM
Hi all,

I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2.

In response to feedback from Pierre Joye, I've outlined which parts of the
existing libsodium API I'd like exposed in the core extension. Most notably:

- Removed crypto_aead_aes256gcm_* because OpenSSL offers it
- Removed crypto_aead_chacha20poly1305_* because crypto_aead_* is awaiting
the CAESAR winner https://competitions.cr.yp.to/caesar.html
- Removed crypto_pwhash_scryptsalsa208sha256_* because we have Argon2i now

If anyone would like to weigh in on this in the next few weeks, I'd greatly
appreciate it.

I'm also developing a polyfill for most of the API features (except
pwhash): https://github.com/paragonie/sodium_compat

Warm regards,

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises https://paragonie.com
Julien Pauli
Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)
January 12, 2017 11:30AM
On Wed, Jan 11, 2017 at 7:22 PM, Scott Arciszewski <[email protected]>
wrote:

> Hi all,
>
> I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2.
>
> In response to feedback from Pierre Joye, I've outlined which parts of the
> existing libsodium API I'd like exposed in the core extension. Most
> notably:
>
> - Removed crypto_aead_aes256gcm_* because OpenSSL offers it
> - Removed crypto_aead_chacha20poly1305_* because crypto_aead_* is awaiting
> the CAESAR winner https://competitions.cr.yp.to/caesar.html
> - Removed crypto_pwhash_scryptsalsa208sha256_* because we have Argon2i now
>
> If anyone would like to weigh in on this in the next few weeks, I'd greatly
> appreciate it.
>
> I'm also developing a polyfill for most of the API features (except
> pwhash): https://github.com/paragonie/sodium_compat
>
>
I guess you are talking about this : https://wiki.php.net/rfc/libsodium

Huge +1.


What about libsodium usage under Windows ?
I guess under *Nix, we'll rely on the OS shipping of the library , but
that's not the same flavour for Windows, where we usually need to embed,
and maintain the library.

I see a second vote for the API , PHP is not really a language where
You\Use\Things\Like\That , I'm all +1 to use_things_like_that() instead :-)

After Mcrypt has been abandonned , we really really need such a library
binding added to Core IMO.


Julien.Pauli
Scott Arciszewski
Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)
January 17, 2017 12:00PM
On Thu, Jan 12, 2017 at 5:23 AM, Julien Pauli <[email protected]> wrote:

> On Wed, Jan 11, 2017 at 7:22 PM, Scott Arciszewski <[email protected]>
> wrote:
>
>> Hi all,
>>
>> I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2.
>>
>> In response to feedback from Pierre Joye, I've outlined which parts of the
>> existing libsodium API I'd like exposed in the core extension. Most
>> notably:
>>
>> - Removed crypto_aead_aes256gcm_* because OpenSSL offers it
>> - Removed crypto_aead_chacha20poly1305_* because crypto_aead_* is awaiting
>> the CAESAR winner https://competitions.cr.yp.to/caesar.html
>> - Removed crypto_pwhash_scryptsalsa208sha256_* because we have Argon2i
>> now
>>
>> If anyone would like to weigh in on this in the next few weeks, I'd
>> greatly
>> appreciate it.
>>
>> I'm also developing a polyfill for most of the API features (except
>> pwhash): https://github.com/paragonie/sodium_compat
>>
>>
> I guess you are talking about this : https://wiki.php.net/rfc/libsodium
>
> Huge +1.
>
> ​​
>
> What about libsodium usage under Windows ?
> I guess under *Nix, we'll rely on the OS shipping of the library , but
> that's not the same flavour for Windows, where we usually need to embed,
> and maintain the library.
>
> I see a second vote for the API , PHP is not really a language where
> You\Use\Things\Like\That , I'm all +1 to use_things_like_that() instead :-)
>
> After Mcrypt has been abandonned , we really really need such a library
> binding added to Core IMO.
>
>
> Julien.Pauli
>

​Yep, that's the correct URL.​


> What about libsodium usage under Windows ?
> I guess under *Nix, we'll rely on the OS shipping of the library , but
> that's not the same flavour for Windows, where we usually need to embed,
> and maintain the library.


​I'll defer to Pierre Joye on the ​intricacies involved with Windows, as
that's a topic I'm mostly unfamiliar with. Sorry I can't offer much more in
response to that.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises https://paragonie.com/
Sorry, only registered users may post in this forum.

Click here to login