Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:91963
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 94961 invoked from network); 27 Mar 2016 01:38:30 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Mar 2016 01:38:30 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.47 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.220.47 mail-pa0-f47.google.com  
Received: from [209.85.220.47] ([209.85.220.47:36609] helo=mail-pa0-f47.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3B/92-03797-49937F65 for <internals@lists.php.net>; Sat, 26 Mar 2016 20:38:28 -0500
Received: by mail-pa0-f47.google.com with SMTP id tt10so72256294pab.3
        for <internals@lists.php.net>; Sat, 26 Mar 2016 18:38:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-transfer-encoding;
        bh=saypJUARP+ThLyVmWIxuqm+tQCCp736WSQ9TGJqWzd0=;
        b=vC4EEpQHyQuLgwXT+35+5aokH/fORI1/Dz/qruYTtHLD9qWlcjwhYW9Zd+tsA0C68A
         U8DypvXuUvSMW09NzUhRPa903js1kH09Bl9kd3WJIRLSiX4tzIMrKQzB5TEAf1f6Dr8L
         FA71MKK1LOQ7zQ+d0YsYCygJTK91FusOXIuQzbQv79jyD8mwiaFECKOs4ZE+xYKRl9vA
         GneEkEhg66L2cbXlwB0iaIg46EQzhqxky3ukOnUbmz5Bv0dyMIGmWcFYvYq0XI8O7Nid
         di3v8WnQPePPjfxHt+0DY7XVioFH1cMtvfQKKWQiyFGZJoHdJ/OM94ISRjVh4KeZNCpe
         0btw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding;
        bh=saypJUARP+ThLyVmWIxuqm+tQCCp736WSQ9TGJqWzd0=;
        b=MRv2MCgSFyo0we1o5dl+aYC+1eGnQR5AdRzqGUg1f7FYTT0+/LGpIjAssD8DV6SVRr
         pZ2mvDsLGQUZ9xLwm62YgnvmdeNQyhS+aqeS2AVW4bHRpg/ocaUMI3cuVBq/88P2fD90
         yixMat+r5zmk4KuSzNtJ3RXK5I6E79yW8hDyIvi3LKRqvZVbHSnQY2Pas4H3rhylTg53
         btK9QiM6ujG7SpQc2Zc6S+Hm/7i6K3tjoqsJtuCUzeIpdJXEWJ98b+refxDfok7KNFFE
         Uh82u1gJSbBu+o1PTpSp94cVQF+4d2BVH8pAGqAo4ns6bCELUXHANHpsfWbyVNhjInGB
         lVZw==
X-Gm-Message-State: AD7BkJLkJ8Dc7xGjPrpSRD+GKExHPeQUeS+eIQ0svbmHvVrY1YqExFkLAgPXPi6qIGQsQQ==
X-Received: by 10.67.7.197 with SMTP id de5mr32057047pad.105.1459042705664;
        Sat, 26 Mar 2016 18:38:25 -0700 (PDT)
Received: from Stas-Air.local ([2602:304:cdc2:e5f0:edf7:4db:6253:3d54])
        by smtp.gmail.com with ESMTPSA id yh5sm25718978pab.13.2016.03.26.18.38.24
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sat, 26 Mar 2016 18:38:24 -0700 (PDT)
To: Scott Arciszewski <scott@paragonie.com>,
 PHP Internals <internals@lists.php.net>
References: <CAKws9z1bY=nLo=K8D9OQ_K0yhfNE-5SAEaDgyZnM34P3v8im9g@mail.gmail.com>
Message-ID: <56F7398A.5050002@gmail.com>
Date: Sat, 26 Mar 2016 18:38:18 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0)
 Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <CAKws9z1bY=nLo=K8D9OQ_K0yhfNE-5SAEaDgyZnM34P3v8im9g@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] RFC4648 encoding
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode().
> This covers part, but not all, of RFC 4648.
> 
> I'd like to extend the coverage to include, at minimum, Base32.

What's the use case for it? Is anybody using base32 now?

> I'd also like to make these functions to be written to resist cache-timing
> attacks (i.e. when used to encode/decode encryption keys for long-term
> storage). Userland PoC: https://github.com/paragonie/constant_time_encoding
> These modifications can either be made in-place (at a negligble cost on the
> scale of nanoseconds) or they can be an alternative implementation. i.e.

What modification needs to be done for existing one? Since encoding
functions (unlike comparison ones) have to process every bit anyway, so
what are timing differences for e.g. base64? Is there any existing
research for this?

> 
>     * bin2hex_ts()
>     * base64_encode_ts()
>     * base32_encode_ts()

If you have encode functions, you should have decode too? Otherwise,
you'd have the same issue every time the key is read.

-- 
Stas Malyshev
smalyshev@gmail.com