I don't think there is time to get something finalised for 7.0, I
certainly wouldn't want anything cryptography related to be rushed, so
this is a pre-RFC discussion to gather ideas and opinions for
something we can work towards in PHP 7.1 and that can live as a PECL
extension between now and then.
I would like to propose a generic cryptographic framework is added
into core. We already have a generic hashing framework in ext/hash
that we are committed to supporting and I think our users would benefit
from having a set of widely used cryptographic functions available
without having to depend on external libraries or extensions.
However this framework should also be extensible by third-party
extensions. The preferred behaviour of an extension that provides a
cipher or hash function would be to register it with the framework and
then it would become available through the same methods as any of the
built-in algorithms. This also provides a way of swapping underlying
libraries without changing the way they are called, hopefully making
problems such as the ones we're facing with mcrypt a thing of the
past.
The framework should provide as core features (in my opinion):
- A set of built-in widely used and accepted ciphers.
- A set of built-in widely used and accepted hashes and MACs.
  (ext/hash becomes part of this framework)
- A portable high quality random number generator
- Built-in interfaces for crypto-providing extensions to implement.
- Crypto contexts as objects with familiar init/update/final type methods.
- Stream filters for enc/dec/hash/mac etc. that can take a crypto
  context object.
- Easy to use one-shot functions that handle the context behind the scenes.
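To make the provider/context/one-shot layering concrete, here is an added sketch in PHP userland; it is not code from this proposal, from php-crypto or from ext/hash. The only real PHP functions used are hash_init, hash_update, hash_final, hash_algos, hash_equals and random_bytes (the existing ext/hash incremental API stands in for a "provider"); the CryptoProvider and CryptoContext interfaces, the CryptoRegistry class, the ExtHash* classes and the crypto_* one-shot functions are assumed names invented for the illustration.

```php
<?php
// Added illustration of the context-object + provider-registry + one-shot
// pattern. Interface, registry and class names are assumptions; only the
// hash_* functions, hash_equals and random_bytes are real PHP built-ins.

interface CryptoContext
{
    public function update(string $chunk): CryptoContext;
    public function finalize(): string;   // the proposal's "final": returns raw bytes
}

interface CryptoProvider
{
    /** @return string[] algorithm names this provider offers */
    public function algorithms(): array;
    /** An empty key means an unkeyed hash; a non-empty key means a MAC. */
    public function init(string $algo, string $key = ''): CryptoContext;
}

/* A provider backed by the existing ext/hash incremental API. */
final class ExtHashProvider implements CryptoProvider
{
    public function algorithms(): array
    {
        return hash_algos();
    }

    public function init(string $algo, string $key = ''): CryptoContext
    {
        $ctx = ($key === '')
            ? hash_init($algo)
            : hash_init($algo, HASH_HMAC, $key);   // keyed => HMAC over the same hash
        return new ExtHashContext($ctx);
    }
}

final class ExtHashContext implements CryptoContext
{
    private $ctx;
    private $finished = false;

    public function __construct($ctx)
    {
        $this->ctx = $ctx;
    }

    public function update(string $chunk): CryptoContext
    {
        if ($this->finished) {
            throw new LogicException('context already finalised');
        }
        hash_update($this->ctx, $chunk);
        return $this;
    }

    public function finalize(): string
    {
        if ($this->finished) {
            throw new LogicException('context already finalised');
        }
        $this->finished = true;
        return hash_final($this->ctx, true);   // raw binary output
    }
}

/* Registry: a third-party extension would register its provider here and
   its algorithms become reachable through the same entry points. */
final class CryptoRegistry
{
    /** @var array<string, CryptoProvider> algorithm name => provider */
    private static $providers = [];

    public static function register(CryptoProvider $provider)
    {
        foreach ($provider->algorithms() as $algo) {
            self::$providers[strtolower($algo)] = $provider;   // last registration wins
        }
    }

    public static function init(string $algo, string $key = ''): CryptoContext
    {
        $algo = strtolower($algo);
        if (!isset(self::$providers[$algo])) {
            throw new InvalidArgumentException("no provider registered for $algo");
        }
        return self::$providers[$algo]->init($algo, $key);
    }
}

/* One-shot helpers that hide the context from the caller. */
function crypto_hash(string $algo, string $data): string
{
    return CryptoRegistry::init($algo)->update($data)->finalize();
}

function crypto_mac(string $algo, string $key, string $data): string
{
    return CryptoRegistry::init($algo, $key)->update($data)->finalize();
}

function crypto_mac_verify(string $algo, string $key, string $data, string $tag): bool
{
    return hash_equals(crypto_mac($algo, $key, $data), $tag);   // constant-time compare
}

CryptoRegistry::register(new ExtHashProvider());

// Streaming use: feed a file through the context in chunks...
$ctx = CryptoRegistry::init('sha256');
$fh = fopen(__FILE__, 'rb');
while (!feof($fh)) {
    $ctx->update(fread($fh, 8192));
}
fclose($fh);
$streamed = $ctx->finalize();

// ...and the one-shot form must agree with it.
$oneShot = crypto_hash('sha256', file_get_contents(__FILE__));
var_dump(hash_equals($streamed, $oneShot));

// Keyed use: a MAC tag produced and then verified with a constant-time compare.
$key = random_bytes(32);
$tag = crypto_mac('sha256', $key, 'message');
var_dump(crypto_mac_verify('sha256', $key, 'message', $tag));
```

The two points worth taking from the sketch are that the context refuses further updates once finalised (a reusable context is an easy way to get a wrong digest or MAC silently), and that verification of a tag goes through hash_equals rather than `===`, so a swapped-in provider cannot reintroduce a timing side channel at the comparison step.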
There is obviously no work on an implementation yet, but I know Jakub
has already spent a lot of time on the php-crypto objective OpenSSL
wrapper. I think a lot of his work would be very useful for
bootstrapping a generic framework project.
Let's try and avoid discussions on names and syntax, that can wait. I'd
really welcome any and all feedback on this as a proposal, with a view
to starting a project to give us a stable and maintainable foundation
for the future.
Would this be considered a valuable addition?
Is it possible to provide a succinct API for the overwhelming majority
of people's crypto needs?
Are there any major concerns about this type of framework being added?
Does anyone think this is the wrong approach entirely (and have a better idea!)?