Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97997 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 3117 invoked from network); 27 Jan 2017 21:42:45 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Jan 2017 21:42:45 -0000 Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain paragonie.com designates 209.85.218.49 as permitted sender) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.218.49 mail-oi0-f49.google.com Received: from [209.85.218.49] ([209.85.218.49:35092] helo=mail-oi0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 13/2C-28703-2DEBB885 for ; Fri, 27 Jan 2017 16:42:42 -0500 Received: by mail-oi0-f49.google.com with SMTP id j15so164804406oih.2 for ; Fri, 27 Jan 2017 13:42:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=ws+IVBKTOkQ5qZEP9nHg3DxNwpuADP1jCi7diLYVUaI=; b=FTkOoaa1Uck+8YPfc+urNBzOtvQ2iLA8A2QEaQO1aXiCg8pn9sHUN5LoZLqmUM91X2 cDQa16r2z+bFktbwJAN/xgjuLt2kO7Q6tisUioOO+C58xQS61dHzJEm3Za/VyHodqs6I Ma7W9Rlbi6hSTrd410wkoQnv9F6SSgcFgn1/HzqBcaTtwJVa/jxRMrAUI1G+AYPl5dq6 DLc6U+3fTDOwtpyLZvP836CS6TZryLucMgnVGz+WziHeBjqZiZt/tJP9PYmCdT/W1FXI OWeibN+YgcVV5rXz3dHAgUHD/VBtS1lwonWsAcYbUxrCTmdngQ6bMWxQHdlhKNdIzEmD mptQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=ws+IVBKTOkQ5qZEP9nHg3DxNwpuADP1jCi7diLYVUaI=; b=UpiKfjqyhcJc4VxAJH4TYbLsoLeNKrTjFmfFri14WhnsJUcy8RYFCLqNuzB7/A7qYC AtkrhXovgP8YuT7cVgJ8rLu+zhoZZWYQEQfx4gZ4P6QdtPsOeimIwhGWwkroefsuCKj3 2fvscTowjyqTSu/vPVEmg3S7BuJ5nM0zq8E7GNIb7g3xC1GzfwoaCZVj2/aUGK4CoTrJ jTeVkq6I/seyPdVfhG04MkFKWolrPMirGpFaESHxusFFP9pXVFmjbWvhpKG97fRNo0uJ jstHx/keswE/3b79hBlPimebQrt+20JOVQg/JlVoapoyInfFDS/ideHU5MhPY9NLkmtg 0u4g== X-Gm-Message-State: AIkVDXKTagBudduXyX7k9ofMnRponD1F/DEdeKT0BSrgJBCVXSQ/XXbvJvsPkEiac2lvySzZSS+DXfik62WQwg== X-Received: by 10.202.170.85 with SMTP id t82mr5426876oie.0.1485553359579; Fri, 27 Jan 2017 13:42:39 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.56.141 with HTTP; Fri, 27 Jan 2017 13:42:39 -0800 (PST) In-Reply-To: References: Date: Fri, 27 Jan 2017 16:42:39 -0500 Message-ID: To: PHP Internals Content-Type: multipart/alternative; boundary=001a113ce6ba4b03c805471a58ca Subject: Re: [PHP-DEV] [RFC] libsodium (PHP 7.2) From: scott@paragonie.com (Scott Arciszewski) --001a113ce6ba4b03c805471a58ca Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, Jan 17, 2017 at 5:49 AM, Scott Arciszewski wrote: > On Thu, Jan 12, 2017 at 5:23 AM, Julien Pauli wrote: > >> On Wed, Jan 11, 2017 at 7:22 PM, Scott Arciszewski >> wrote: >> >>> Hi all, >>> >>> I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2= . >>> >>> In response to feedback from Pierre Joye, I've outlined which parts of >>> the >>> existing libsodium API I'd like exposed in the core extension. Most >>> notably: >>> >>> - Removed crypto_aead_aes256gcm_* because OpenSSL offers it >>> - Removed crypto_aead_chacha20poly1305_* because crypto_aead_* is >>> awaiting >>> the CAESAR winner https://competitions.cr.yp.to/caesar.html >>> - Removed crypto_pwhash_scryptsalsa208sha256_* because we have Argon2i >>> now >>> >>> If anyone would like to weigh in on this in the next few weeks, I'd >>> greatly >>> appreciate it. >>> >>> I'm also developing a polyfill for most of the API features (except >>> pwhash): https://github.com/paragonie/sodium_compat >>> >>> >> I guess you are talking about this : https://wiki.php.net/rfc/libsodium >> >> Huge +1. >> >> =E2=80=8B=E2=80=8B >> >> What about libsodium usage under Windows ? >> I guess under *Nix, we'll rely on the OS shipping of the library , but >> that's not the same flavour for Windows, where we usually need to embed, >> and maintain the library. >> >> I see a second vote for the API , PHP is not really a language where >> You\Use\Things\Like\That , I'm all +1 to use_things_like_that() instead = :-) >> >> After Mcrypt has been abandonned , we really really need such a library >> binding added to Core IMO. >> >> >> Julien.Pauli >> > > =E2=80=8BYep, that's the correct URL.=E2=80=8B > =E2=80=8B > >> What about libsodium usage under Windows ? >> I guess under *Nix, we'll rely on the OS shipping of the library , but >> that's not the same flavour for Windows, where we usually need to embed, >> and maintain the library. > > =E2=80=8B > =E2=80=8BI'll defer to Pierre Joye on the =E2=80=8Bintricacies involved w= ith Windows, as > that's a topic I'm mostly unfamiliar with. Sorry I can't offer much more = in > response to that. > > Scott Arciszewski > Chief Development Officer > Paragon Initiative Enterprises =E2=80=8B > > =E2=80=8BHi again, I've updated the RFC to v0.5.0: =E2=80=8B =E2=80=8Bhttps://wiki.php.net/rfc/libsodium This adds crypto_aead_chacha20poly1305 which is extremely useful for protocols like Noise, which will come in handy if anyone ever wants to build WhatsApp bots. http://www.noiseprotocol.org/ At this point, I believe the API coverage is satisfactory. If there are no objections, comments, or questions, I'd like to open voting soon. It's been two weeks already, but in interest of fairness, I'll open the vote one week from now at the earliest. R =E2=80=8Begards, =E2=80=8B Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises =E2=80=8B --001a113ce6ba4b03c805471a58ca--