Newsgroups: php.internals
From: bobwei9@hotmail.com (Bob Weinand)
To: Scott Arciszewski
CC: PHP Internals
Date: Tue, 4 Aug 2015 22:40:08 +0200
Subject: Re: [PHP-DEV] PHP 7.1 Cryptography Projects

> On 3.8.2015 at 22:54, Scott Arciszewski wrote:
>
> Hi,
>
> I would like to make it easier for PHP developers to implement
> cryptography features in their applications. I intend to work on some
> of these ideas and submit them for inclusion in PHP 7.1.
>
> Some of these might be familiar to some of you.
>
> 1. Pluggable Cryptography Frontend
>
> Work is currently underway for a PHP prototype for this idea
> originally suggested by ircmaxell, that will basically be like PDO for
> cryptography. Our current project name, subject to change, is PHP
> Crypto Objects (PCO).
>
> The idea is that you could write code like this to add secure
> authenticated encryption to your application without having to worry
> about the details.
>
>     $AES = new \PCO\Symmetric('openssl:cipher=AES-128');
>     $ciphertext = $AES->encrypt($plaintext, $someKey);
>
>     $PKC = new \PCO\Asymmetric('libsodium');
>     $offlineDecryptable = $PKC->seal($plaintext, $someX25519PublicKey);
>
> When it's finished, I'd like to turn it into a PECL extension so users
> can play with it in PHP 7.0 and submit it for inclusion in 7.1.
>
> 2. Cache-timing-safe character encoding functions
>
> Alternatives for existing functions that should function like their
> unsafe counterparts, but without branches or data-based index lookups.
>
> * hex2bin() -> hex2bin_ts()
> * bin2hex() -> bin2hex_ts()
> * base64_encode() -> base64_encode_ts()
> * base64_decode() -> base64_decode_ts()
>
> Other formats are out of scope, unless someone can make the case that
> we need to support RFC 4648 base32 encoding (e.g. for Tor Hidden
> Service integration).
>
> 3. Other ideas (not yet committed to at all, but might be of interest
> to others):
>
> * Improving the OpenSSL API, or at least the documentation
> * Adding streaming encryption/decryption support to OpenSSL
> * Adding AE and AEAD interfaces to OpenSSL
> * Aliasing MCRYPT_AES -> MCRYPT_RIJNDAEL_128, adding MCYPT_MODE_CTR
>
> What I need from you is guidance on what features or changes you want
> to see in 7.1 and which can be put off until later (or never proposed
> as an RFC at all).
>
> Seriously, all I need is your opinion and whether or not you'd like to
> see any of these happen. If you have specific implementation details
> you'd like to discuss or requests, of course those are welcome too. :D
>
> "With great ubiquity comes great responsibility." - Matthew Green
>
> Scott Arciszewski
> Chief Development Officer
> Paragon Initiative Enterprises

Hey,

I went ahead and just made bin2hex()/hex2bin() timing safe as a first step.
See https://github.com/php/php-src/pull/1453

Note that it does not add extra functions, but just because performance is just about as good as before [or even better in cases of severe mispredictions].

If there’s no negative feedback, I’m going to merge that in a few days into master.

Bob
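
Added example, not part of the original message and not the code from the pull request linked above: a C illustration of what "without branches or data-based index lookups" means for hex encoding and decoding. The function names (bin2hex_ct, hex2bin_ct and their helpers) are hypothetical, and the code assumes ASCII input.

```c
#include <stddef.h>

/* Map a nibble (0..15) to lowercase hex with arithmetic only:
 * no lookup table indexed by secret data, no branch on it. */
static unsigned char nibble_to_hex(unsigned int n)
{
    /* (9 - n) wraps for n > 9, so the shifted value is all-ones in its
     * low bits and selects 39 ('a' - '0' - 10) only for 10..15. */
    return (unsigned char)(48u + n + (((9u - n) >> 8) & 39u));
}

/* out must hold 2 * len + 1 bytes. */
void bin2hex_ct(const unsigned char *in, size_t len, char *out)
{
    size_t i;
    for (i = 0; i < len; i++) {
        out[2 * i]     = (char)nibble_to_hex(in[i] >> 4);
        out[2 * i + 1] = (char)nibble_to_hex(in[i] & 15u);
    }
    out[2 * len] = '\0';
}

/* Decode one hex character; sets bits in *invalid instead of branching. */
static unsigned int hex_to_nibble(unsigned char ch, unsigned int *invalid)
{
    unsigned int c = ch;
    unsigned int num = c ^ 48u;                        /* 0..9 only for '0'..'9' */
    unsigned int is_num = ((num - 10u) >> 8) & 0xFFu;  /* 0xFF if digit, else 0 */
    unsigned int alpha = (c & ~32u) - 55u;             /* 10..15 only for A-F, a-f */
    unsigned int is_alpha = (((alpha - 10u) ^ (alpha - 16u)) >> 8) & 0xFFu;
    *invalid |= ~(is_num | is_alpha) & 0xFFu;
    return (is_num & num) | (is_alpha & alpha);
}

/* out must hold hex_len / 2 bytes. Returns 0 on success, -1 on bad input.
 * Every character is processed even after an invalid one, so the running
 * time does not reveal where decoding failed. */
int hex2bin_ct(const char *hex, size_t hex_len, unsigned char *out)
{
    unsigned int invalid = (unsigned int)(hex_len & 1u); /* length is public */
    size_t i;
    for (i = 0; i + 1 < hex_len; i += 2) {
        unsigned int hi = hex_to_nibble((unsigned char)hex[i], &invalid);
        unsigned int lo = hex_to_nibble((unsigned char)hex[i + 1], &invalid);
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return invalid ? -1 : 0;
}
```

An optimizing compiler is free to turn this arithmetic back into branches, so the generated assembly should be inspected for the target platform before relying on the timing behaviour.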