diff options
author | Anton Luka Šijanec <anton@sijanec.eu> | 2024-05-27 13:08:29 +0200 |
---|---|---|
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2024-05-27 13:08:29 +0200 |
commit | 75160b12821f7f4299cce7f0b69c83c1502ae071 (patch) | |
tree | 27e25e4ccaef45f0c58b22831164050d1af1d4db /vendor/paragonie/sodium_compat/README.md | |
parent | prvi-commit (diff) | |
download | 1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar 1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.gz 1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.bz2 1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.lz 1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.xz 1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.zst 1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.zip |
Diffstat (limited to 'vendor/paragonie/sodium_compat/README.md')
-rw-r--r-- | vendor/paragonie/sodium_compat/README.md | 721 |
1 files changed, 374 insertions, 347 deletions
diff --git a/vendor/paragonie/sodium_compat/README.md b/vendor/paragonie/sodium_compat/README.md index a50508c..88e7629 100644 --- a/vendor/paragonie/sodium_compat/README.md +++ b/vendor/paragonie/sodium_compat/README.md @@ -1,347 +1,374 @@ -# Sodium Compat
-
-[![Build Status](https://github.com/paragonie/sodium_compat/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/sodium_compat/actions)
-[![Windows Build Status](https://ci.appveyor.com/api/projects/status/itcx1vgmfqiawgbe?svg=true)](https://ci.appveyor.com/project/paragonie-scott/sodium-compat)
-[![Latest Stable Version](https://poser.pugx.org/paragonie/sodium_compat/v/stable)](https://packagist.org/packages/paragonie/sodium_compat)
-[![Latest Unstable Version](https://poser.pugx.org/paragonie/sodium_compat/v/unstable)](https://packagist.org/packages/paragonie/sodium_compat)
-[![License](https://poser.pugx.org/paragonie/sodium_compat/license)](https://packagist.org/packages/paragonie/sodium_compat)
-[![Downloads](https://img.shields.io/packagist/dt/paragonie/sodium_compat.svg)](https://packagist.org/packages/paragonie/sodium_compat)
-
-Sodium Compat is a pure PHP polyfill for the Sodium cryptography library
-(libsodium), a core extension in PHP 7.2.0+ and otherwise [available in PECL](https://pecl.php.net/package/libsodium).
-
-This library tentativeley supports PHP 5.2.4 - 8.x (latest), but officially
-only supports [non-EOL'd versions of PHP](https://secure.php.net/supported-versions.php).
-
-If you have the PHP extension installed, Sodium Compat will opportunistically
-and transparently use the PHP extension instead of our implementation.
-
-## IMPORTANT!
-
-This cryptography library has not been formally audited by an independent third
-party that specializes in cryptography or cryptanalysis.
-
-If you require such an audit before you can use sodium_compat in your projects
-and have the funds for such an audit, please open an issue or contact
-`security at paragonie dot com` so we can help get the ball rolling.
-
-However, sodium_compat has been adopted by high profile open source projects,
-such as [Joomla!](https://github.com/joomla/joomla-cms/blob/459d74686d2a638ec51149d7c44ddab8075852be/composer.json#L40)
-and [Magento](https://github.com/magento/magento2/blob/8fd89cfdf52c561ac0ca7bc20fd38ef688e201b0/composer.json#L44).
-Furthermore, sodium_compat was developed by Paragon Initiative Enterprises, a
-company that *specializes* in secure PHP development and PHP cryptography, and
-has been informally reviewed by many other security experts who also specialize
-in PHP.
-
-If you'd like to learn more about the defensive security measures we've taken
-to prevent sodium_compat from being a source of vulnerability in your systems,
-please read [*Cryptographically Secure PHP Development*](https://paragonie.com/blog/2017/02/cryptographically-secure-php-development).
-
-# Installing Sodium Compat
-
-If you're using Composer:
-
-```bash
-composer require paragonie/sodium_compat
-```
-
-### Install From Source
-
-If you're not using Composer, download a [release tarball](https://github.com/paragonie/sodium_compat/releases)
-(which should be signed with [our GnuPG public key](https://paragonie.com/static/gpg-public-key.txt)), extract
-its contents, then include our `autoload.php` script in your project.
-
-```php
-<?php
-require_once "/path/to/sodium_compat/autoload.php";
-```
-
-### PHP Archives (Phar) Releases
-
-Since version 1.3.0, [sodium_compat releases](https://github.com/paragonie/sodium_compat/releases) include a
-PHP Archive (.phar file) and associated GPG signature. First, download both files and verify them with our
-GPG public key, like so:
-
-```bash
-# Getting our public key from the keyserver:
-gpg --fingerprint 7F52D5C61D1255C731362E826B97A1C2826404DA
-if [ $? -ne 0 ]; then
- echo -e "\033[33mDownloading PGP Public Key...\033[0m"
- gpg --keyserver pgp.mit.edu --recv-keys 7F52D5C61D1255C731362E826B97A1C2826404DA
- # Security <security@paragonie.com>
- gpg --fingerprint 7F52D5C61D1255C731362E826B97A1C2826404DA
- if [ $? -ne 0 ]; then
- echo -e "\033[31mCould not download PGP public key for verification\033[0m"
- exit 1
- fi
-fi
-
-# Verifying the PHP Archive
-gpg --verify sodium-compat.phar.sig sodium-compat.phar
-```
-
-Now, simply include this .phar file in your application.
-
-```php
-<?php
-require_once "/path/to/sodium-compat.phar";
-```
-
-# Support
-
-[Commercial support for libsodium](https://download.libsodium.org/doc/commercial_support/) is available
-from multiple vendors. If you need help using sodium_compat in one of your projects, [contact Paragon Initiative Enterprises](https://paragonie.com/contact).
-
-Non-commercial report will be facilitated through [Github issues](https://github.com/paragonie/sodium_compat/issues).
-We offer no guarantees of our availability to resolve questions about integrating sodium_compat into third-party
-software for free, but will strive to fix any bugs (security-related or otherwise) in our library.
-
-## Support Contracts
-
-If your company uses this library in their products or services, you may be
-interested in [purchasing a support contract from Paragon Initiative Enterprises](https://paragonie.com/enterprise).
-
-# Using Sodium Compat
-
-## True Polyfill
-
-If you're using PHP 5.3.0 or newer and do not have the PECL extension installed,
-you can just use the [standard ext/sodium API features as-is](https://paragonie.com/book/pecl-libsodium)
-and the polyfill will work its magic.
-
-```php
-<?php
-require_once "/path/to/sodium_compat/autoload.php";
-
-$alice_kp = \Sodium\crypto_sign_keypair();
-$alice_sk = \Sodium\crypto_sign_secretkey($alice_kp);
-$alice_pk = \Sodium\crypto_sign_publickey($alice_kp);
-
-$message = 'This is a test message.';
-$signature = \Sodium\crypto_sign_detached($message, $alice_sk);
-if (\Sodium\crypto_sign_verify_detached($signature, $message, $alice_pk)) {
- echo 'OK', PHP_EOL;
-} else {
- throw new Exception('Invalid signature');
-}
-```
-
-The polyfill does not expose this API on PHP < 5.3, or if you have the PHP
-extension installed already.
-
-## General-Use Polyfill
-
-If your users are on PHP < 5.3, or you want to write code that will work
-whether or not the PECL extension is available, you'll want to use the
-**`ParagonIE_Sodium_Compat`** class for most of your libsodium needs.
-
-The above example, written for general use:
-
-```php
-<?php
-require_once "/path/to/sodium_compat/autoload.php";
-
-$alice_kp = ParagonIE_Sodium_Compat::crypto_sign_keypair();
-$alice_sk = ParagonIE_Sodium_Compat::crypto_sign_secretkey($alice_kp);
-$alice_pk = ParagonIE_Sodium_Compat::crypto_sign_publickey($alice_kp);
-
-$message = 'This is a test message.';
-$signature = ParagonIE_Sodium_Compat::crypto_sign_detached($message, $alice_sk);
-if (ParagonIE_Sodium_Compat::crypto_sign_verify_detached($signature, $message, $alice_pk)) {
- echo 'OK', PHP_EOL;
-} else {
- throw new Exception('Invalid signature');
-}
-```
-
-Generally: If you replace `\Sodium\ ` with `ParagonIE_Sodium_Compat::`, any
-code already written for the libsodium PHP extension should work with our
-polyfill without additional code changes.
-
-Since this doesn't require a namespace, this API *is* exposed on PHP 5.2.
-
-Since version 0.7.0, we have our own namespaced API (`ParagonIE\Sodium\*`) to allow brevity
-in software that uses PHP 5.3+. This is useful if you want to use our file cryptography
-features without writing `ParagonIE_Sodium_File` every time. This is not exposed on PHP < 5.3,
-so if your project supports PHP < 5.3, use the underscore method instead.
-
-To learn how to use Libsodium, read [*Using Libsodium in PHP Projects*](https://paragonie.com/book/pecl-libsodium).
-
-## PHP 7.2 Polyfill
-
-As per the [second vote on the libsodium RFC](https://wiki.php.net/rfc/libsodium#proposed_voting_choices),
-PHP 7.2 uses `sodium_*` instead of `\Sodium\*`.
-
-```php
-<?php
-require_once "/path/to/sodium_compat/autoload.php";
-
-$alice_kp = sodium_crypto_sign_keypair();
-$alice_sk = sodium_crypto_sign_secretkey($alice_kp);
-$alice_pk = sodium_crypto_sign_publickey($alice_kp);
-
-$message = 'This is a test message.';
-$signature = sodium_crypto_sign_detached($message, $alice_sk);
-if (sodium_crypto_sign_verify_detached($signature, $message, $alice_pk)) {
- echo 'OK', PHP_EOL;
-} else {
- throw new Exception('Invalid signature');
-}
-```
-
-## Help, Sodium_Compat is Slow! How can I make it fast?
-
-There are three ways to make it fast:
-
-1. Use PHP 7.2.
-2. [Install the libsodium PHP extension from PECL](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium).
-3. Only if the previous two options are not available for you:
- 1. Verify that [the processor you're using actually implements constant-time multiplication](https://bearssl.org/ctmul.html).
- Sodium_compat does, but it must trade some speed in order to attain cross-platform security.
- 2. Only if you are 100% certain that your processor is safe, you can set `ParagonIE_Sodium_Compat::$fastMult = true;`
- without harming the security of your cryptography keys. If your processor *isn't* safe, then decide whether you
- want speed or security because you can't have both.
-
-### How can I tell if sodium_compat will be slow, at runtime?
-
-Since version 1.8, you can use the `polyfill_is_fast()` static method to
-determine if sodium_compat will be slow at runtime.
-
-```php
-<?php
-if (ParagonIE_Sodium_Compat::polyfill_is_fast()) {
- // Use libsodium now
- $process->execute();
-} else {
- // Defer to a cron job or other sort of asynchronous process
- $process->enqueue();
-}
-```
-
-### Help, my PHP only has 32-Bit Integers! It's super slow!
-
-Some features of sodium_compat are ***incredibly slow* with PHP 5 on Windows**
-(in particular: public-key cryptography (encryption and signatures) is
-affected), and there is nothing we can do about that, due to platform
-restrictions on integers.
-
-For acceptable performance, we highly recommend Windows users to version 1.0.6
-of the libsodium extension from PECL or, alternatively, simply upgrade to PHP 7
-and the slowdown will be greatly reduced.
-
-This is also true of non-Windows 32-bit operating systems, or if somehow PHP
-was compiled where `PHP_INT_SIZE` equals `4` instead of `8` (i.e. Linux on i386).
-
-## Documentation
-
-First, you'll want to read the [Libsodium Quick Reference](https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use).
-It aims to answer, "Which function should I use for [common problem]?".
-
-If you don't find the answers in the Quick Reference page, check out
-[*Using Libsodium in PHP Projects*](https://paragonie.com/book/pecl-libsodium).
-
-Finally, the [official libsodium documentation](https://download.libsodium.org/doc/)
-(which was written for the C library, not the PHP library) also contains a lot of
-insightful technical information you may find helpful.
-
-## API Coverage
-
-**Recommended reading:** [Libsodium Quick Reference](https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use)
-
-* Mainline NaCl Features
- * `crypto_auth()`
- * `crypto_auth_verify()`
- * `crypto_box()`
- * `crypto_box_open()`
- * `crypto_scalarmult()`
- * `crypto_secretbox()`
- * `crypto_secretbox_open()`
- * `crypto_sign()`
- * `crypto_sign_open()`
-* PECL Libsodium Features
- * `crypto_aead_aes256gcm_encrypt()`
- * `crypto_aead_aes256gcm_decrypt()`
- * `crypto_aead_chacha20poly1305_encrypt()`
- * `crypto_aead_chacha20poly1305_decrypt()`
- * `crypto_aead_chacha20poly1305_ietf_encrypt()`
- * `crypto_aead_chacha20poly1305_ietf_decrypt()`
- * `crypto_aead_xchacha20poly1305_ietf_encrypt()`
- * `crypto_aead_xchacha20poly1305_ietf_decrypt()`
- * `crypto_box_xchacha20poly1305()`
- * `crypto_box_xchacha20poly1305_open()`
- * `crypto_box_seal()`
- * `crypto_box_seal_open()`
- * `crypto_generichash()`
- * `crypto_generichash_init()`
- * `crypto_generichash_update()`
- * `crypto_generichash_final()`
- * `crypto_kx()`
- * `crypto_secretbox_xchacha20poly1305()`
- * `crypto_secretbox_xchacha20poly1305_open()`
- * `crypto_shorthash()`
- * `crypto_sign_detached()`
- * `crypto_sign_ed25519_pk_to_curve25519()`
- * `crypto_sign_ed25519_sk_to_curve25519()`
- * `crypto_sign_verify_detached()`
- * For advanced users only:
- * `crypto_stream()`
- * `crypto_stream_xor()`
- * Other utilities (e.g. `crypto_*_keypair()`)
- * `add()`
- * `base642bin()`
- * `bin2base64()`
- * `bin2hex()`
- * `hex2bin()`
- * `crypto_kdf_derive_from_key()`
- * `crypto_kx_client_session_keys()`
- * `crypto_kx_server_session_keys()`
- * `crypto_secretstream_xchacha20poly1305_init_push()`
- * `crypto_secretstream_xchacha20poly1305_push()`
- * `crypto_secretstream_xchacha20poly1305_init_pull()`
- * `crypto_secretstream_xchacha20poly1305_pull()`
- * `crypto_secretstream_xchacha20poly1305_rekey()`
- * `pad()`
- * `unpad()`
-
-### Cryptography Primitives Provided
-
-* **X25519** - Elliptic Curve Diffie Hellman over Curve25519
-* **Ed25519** - Edwards curve Digital Signature Algorithm over Curve25519
-* **Xsalsa20** - Extended-nonce Salsa20 stream cipher
-* **ChaCha20** - Stream cipher
-* **Xchacha20** - Extended-nonce ChaCha20 stream cipher
-* **Poly1305** - Polynomial Evaluation Message Authentication Code modulo 2^130 - 5
-* **BLAKE2b** - Cryptographic Hash Function
-* **SipHash-2-4** - Fast hash, but not collision-resistant; ideal for hash tables.
-
-### Features Excluded from this Polyfill
-
-* `\Sodium\memzero()` - Although we expose this API endpoint, we can't reliably
- zero buffers from PHP.
-
- If you have the PHP extension installed, sodium_compat
- will use the native implementation to zero out the string provided. Otherwise
- it will throw a `SodiumException`.
-* `\Sodium\crypto_pwhash()` - It's not feasible to polyfill scrypt or Argon2
- into PHP and get reasonable performance. Users would feel motivated to select
- parameters that downgrade security to avoid denial of service (DoS) attacks.
-
- The only winning move is not to play.
-
- If ext/sodium or ext/libsodium is installed, these API methods will fallthrough
- to the extension. Otherwise, our polyfill library will throw a `SodiumException`.
-
- To detect support for Argon2i at runtime, use
- `ParagonIE_Sodium_Compat::crypto_pwhash_is_available()`, which returns a
- boolean value (`TRUE` or `FALSE`).
-
-### PHPCompatibility Ruleset
-
-For sodium_compat users and that utilize [`PHPCompatibility`](https://github.com/PHPCompatibility/PHPCompatibility)
-in their CI process, there is now a custom ruleset available which can be used
-to prevent false positives being thrown by `PHPCompatibility` for the native
-PHP functionality being polyfilled by this repo.
-
-You can find the repo for the `PHPCompatibilityParagonieSodiumCompat` ruleset
-here [on Github](https://github.com/PHPCompatibility/PHPCompatibilityParagonie)
-and [on Packagist](https://packagist.org/packages/phpcompatibility/phpcompatibility-paragonie).
+# Sodium Compat + +[![Build Status](https://github.com/paragonie/sodium_compat/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/sodium_compat/actions) +[![Psalm Status](https://github.com/paragonie/sodium_compat/actions/workflows/psalm.yml/badge.svg)](https://github.com/paragonie/sodium_compat/actions) +[![Windows Build Status](https://ci.appveyor.com/api/projects/status/itcx1vgmfqiawgbe?svg=true)](https://ci.appveyor.com/project/paragonie-scott/sodium-compat) +[![Latest Stable Version](https://poser.pugx.org/paragonie/sodium_compat/v/stable)](https://packagist.org/packages/paragonie/sodium_compat) +[![Latest Unstable Version](https://poser.pugx.org/paragonie/sodium_compat/v/unstable)](https://packagist.org/packages/paragonie/sodium_compat) +[![License](https://poser.pugx.org/paragonie/sodium_compat/license)](https://packagist.org/packages/paragonie/sodium_compat) +[![Downloads](https://img.shields.io/packagist/dt/paragonie/sodium_compat.svg)](https://packagist.org/packages/paragonie/sodium_compat) + +Sodium Compat is a pure PHP polyfill for the Sodium cryptography library +(libsodium), a core extension in PHP 7.2.0+ and otherwise [available in PECL](https://pecl.php.net/package/libsodium). + +This library tentatively supports PHP 5.2.4 - 8.x (latest), but officially +only supports [non-EOL'd versions of PHP](https://secure.php.net/supported-versions.php). + +If you have the PHP extension installed, Sodium Compat will opportunistically +and transparently use the PHP extension instead of our implementation. + +## IMPORTANT! + +This cryptography library has not been formally audited by an independent third +party that specializes in cryptography or cryptanalysis. + +If you require such an audit before you can use sodium_compat in your projects +and have the funds for such an audit, please open an issue or contact +`security at paragonie dot com` so we can help get the ball rolling. + +However, sodium_compat has been adopted by high profile open source projects, +such as [Joomla!](https://github.com/joomla/joomla-cms/blob/459d74686d2a638ec51149d7c44ddab8075852be/composer.json#L40) +and [Magento](https://github.com/magento/magento2/blob/8fd89cfdf52c561ac0ca7bc20fd38ef688e201b0/composer.json#L44). +Furthermore, sodium_compat was developed by Paragon Initiative Enterprises, a +company that *specializes* in secure PHP development and PHP cryptography, and +has been informally reviewed by many other security experts who also specialize +in PHP. + +If you'd like to learn more about the defensive security measures we've taken +to prevent sodium_compat from being a source of vulnerability in your systems, +please read [*Cryptographically Secure PHP Development*](https://paragonie.com/blog/2017/02/cryptographically-secure-php-development). + +# Installing Sodium Compat + +If you're using Composer: + +```bash +composer require paragonie/sodium_compat +``` + +### Install From Source + +If you're not using Composer, download a [release tarball](https://github.com/paragonie/sodium_compat/releases) +(which should be signed with [our GnuPG public key](https://paragonie.com/static/gpg-public-key.txt)), extract +its contents, then include our `autoload.php` script in your project. + +```php +<?php +require_once "/path/to/sodium_compat/autoload.php"; +``` + +### PHP Archives (Phar) Releases + +Since version 1.3.0, [sodium_compat releases](https://github.com/paragonie/sodium_compat/releases) include a +PHP Archive (.phar file) and associated GPG signature. First, download both files and verify them with our +GPG public key, like so: + +```bash +# Getting our public key from the keyserver: +gpg --fingerprint 7F52D5C61D1255C731362E826B97A1C2826404DA +if [ $? -ne 0 ]; then + echo -e "\033[33mDownloading PGP Public Key...\033[0m" + gpg --keyserver pgp.mit.edu --recv-keys 7F52D5C61D1255C731362E826B97A1C2826404DA + # Security <security@paragonie.com> + gpg --fingerprint 7F52D5C61D1255C731362E826B97A1C2826404DA + if [ $? -ne 0 ]; then + echo -e "\033[31mCould not download PGP public key for verification\033[0m" + exit 1 + fi +fi + +# Verifying the PHP Archive +gpg --verify sodium-compat.phar.sig sodium-compat.phar +``` + +Now, simply include this .phar file in your application. + +```php +<?php +require_once "/path/to/sodium-compat.phar"; +``` + +# Support + +[Commercial support for libsodium](https://download.libsodium.org/doc/commercial_support/) is available +from multiple vendors. If you need help using sodium_compat in one of your projects, [contact Paragon Initiative Enterprises](https://paragonie.com/contact). + +Non-commercial report will be facilitated through [Github issues](https://github.com/paragonie/sodium_compat/issues). +We offer no guarantees of our availability to resolve questions about integrating sodium_compat into third-party +software for free, but will strive to fix any bugs (security-related or otherwise) in our library. + +## Support Contracts + +If your company uses this library in their products or services, you may be +interested in [purchasing a support contract from Paragon Initiative Enterprises](https://paragonie.com/enterprise). + +# Using Sodium Compat + +## True Polyfill + +As per the [second vote on the libsodium RFC](https://wiki.php.net/rfc/libsodium#proposed_voting_choices), +PHP 7.2 uses `sodium_*` instead of `\Sodium\*`. + +```php +<?php +require_once "/path/to/sodium_compat/autoload.php"; + +$alice_kp = sodium_crypto_sign_keypair(); +$alice_sk = sodium_crypto_sign_secretkey($alice_kp); +$alice_pk = sodium_crypto_sign_publickey($alice_kp); + +$message = 'This is a test message.'; +$signature = sodium_crypto_sign_detached($message, $alice_sk); +if (sodium_crypto_sign_verify_detached($signature, $message, $alice_pk)) { + echo 'OK', PHP_EOL; +} else { + throw new Exception('Invalid signature'); +} +``` + +## Polyfill For the Old PECL Extension API + +If you're using PHP 5.3.0 or newer and do not have the PECL extension installed, +you can just use the [standard ext/sodium API features as-is](https://paragonie.com/book/pecl-libsodium) +and the polyfill will work its magic. + +```php +<?php +require_once "/path/to/sodium_compat/autoload.php"; + +$alice_kp = \Sodium\crypto_sign_keypair(); +$alice_sk = \Sodium\crypto_sign_secretkey($alice_kp); +$alice_pk = \Sodium\crypto_sign_publickey($alice_kp); + +$message = 'This is a test message.'; +$signature = \Sodium\crypto_sign_detached($message, $alice_sk); +if (\Sodium\crypto_sign_verify_detached($signature, $message, $alice_pk)) { + echo 'OK', PHP_EOL; +} else { + throw new Exception('Invalid signature'); +} +``` + +The polyfill does not expose this API on PHP < 5.3, or if you have the PHP +extension installed already. + +## General-Use Polyfill + +If your users are on PHP < 5.3, or you want to write code that will work +whether or not the PECL extension is available, you'll want to use the +**`ParagonIE_Sodium_Compat`** class for most of your libsodium needs. + +The above example, written for general use: + +```php +<?php +require_once "/path/to/sodium_compat/autoload.php"; + +$alice_kp = ParagonIE_Sodium_Compat::crypto_sign_keypair(); +$alice_sk = ParagonIE_Sodium_Compat::crypto_sign_secretkey($alice_kp); +$alice_pk = ParagonIE_Sodium_Compat::crypto_sign_publickey($alice_kp); + +$message = 'This is a test message.'; +$signature = ParagonIE_Sodium_Compat::crypto_sign_detached($message, $alice_sk); +if (ParagonIE_Sodium_Compat::crypto_sign_verify_detached($signature, $message, $alice_pk)) { + echo 'OK', PHP_EOL; +} else { + throw new Exception('Invalid signature'); +} +``` + +Generally: If you replace `\Sodium\ ` with `ParagonIE_Sodium_Compat::`, any +code already written for the libsodium PHP extension should work with our +polyfill without additional code changes. + +Since this doesn't require a namespace, this API *is* exposed on PHP 5.2. + +Since version 0.7.0, we have our own namespaced API (`ParagonIE\Sodium\*`) to allow brevity +in software that uses PHP 5.3+. This is useful if you want to use our file cryptography +features without writing `ParagonIE_Sodium_File` every time. This is not exposed on PHP < 5.3, +so if your project supports PHP < 5.3, use the underscore method instead. + +To learn how to use Libsodium, read [*Using Libsodium in PHP Projects*](https://paragonie.com/book/pecl-libsodium). + +## Help, Sodium_Compat is Slow! How can I make it fast? + +There are three ways to make it fast: + +1. Use a newer version of PHP (at least 7.2). +2. [Install the libsodium PHP extension from PECL](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium). +3. Only if the previous two options are not available for you: + 1. Verify that [the processor you're using actually implements constant-time multiplication](https://bearssl.org/ctmul.html). + Sodium_compat does, but it must trade some speed in order to attain cross-platform security. + 2. Only if you are 100% certain that your processor is safe, you can set `ParagonIE_Sodium_Compat::$fastMult = true;` + without harming the security of your cryptography keys. If your processor *isn't* safe, then decide whether you + want speed or security because you can't have both. + +### How can I tell if sodium_compat will be slow, at runtime? + +Since version 1.8, you can use the `polyfill_is_fast()` static method to +determine if sodium_compat will be slow at runtime. + +```php +<?php +if (ParagonIE_Sodium_Compat::polyfill_is_fast()) { + // Use libsodium now + $process->execute(); +} else { + // Defer to a cron job or other sort of asynchronous process + $process->enqueue(); +} +``` + +### Help, my PHP only has 32-Bit Integers! It's super slow! + +If the `PHP_INT_SIZE` constant equals `4` instead of `8` (PHP 5 on Windows, +Linux on i386, etc.), you will run into **significant performance issues**. + +In particular: public-key cryptography (encryption and signatures) +is affected. There is nothing we can do about that. + +The root cause of these performance issues has to do with implementing cryptography +algorithms in constant-time using 16-bit limbs (to avoid overflow) in pure PHP. + +To mitigate these performance issues, simply install PHP 7.2 or newer and enable +the `sodium` extension. + +Affected users are encouraged to install the sodium extension (or libsodium from +older version of PHP). + +Windows users on PHP 5 may be able to simply upgrade to PHP 7 and the slowdown +will be greatly reduced. + +## Documentation + +First, you'll want to read the [Libsodium Quick Reference](https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use). +It aims to answer, "Which function should I use for [common problem]?". + +If you don't find the answers in the Quick Reference page, check out +[*Using Libsodium in PHP Projects*](https://paragonie.com/book/pecl-libsodium). + +Finally, the [official libsodium documentation](https://download.libsodium.org/doc/) +(which was written for the C library, not the PHP library) also contains a lot of +insightful technical information you may find helpful. + +## API Coverage + +**Recommended reading:** [Libsodium Quick Reference](https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use) + +* Mainline NaCl Features + * `crypto_auth()` + * `crypto_auth_verify()` + * `crypto_box()` + * `crypto_box_open()` + * `crypto_scalarmult()` + * `crypto_secretbox()` + * `crypto_secretbox_open()` + * `crypto_sign()` + * `crypto_sign_open()` +* PECL Libsodium Features + * `crypto_aead_aes256gcm_encrypt()` + * `crypto_aead_aes256gcm_decrypt()` + * `crypto_aead_chacha20poly1305_encrypt()` + * `crypto_aead_chacha20poly1305_decrypt()` + * `crypto_aead_chacha20poly1305_ietf_encrypt()` + * `crypto_aead_chacha20poly1305_ietf_decrypt()` + * `crypto_aead_xchacha20poly1305_ietf_encrypt()` + * `crypto_aead_xchacha20poly1305_ietf_decrypt()` + * `crypto_box_xchacha20poly1305()` + * `crypto_box_xchacha20poly1305_open()` + * `crypto_box_seal()` + * `crypto_box_seal_open()` + * `crypto_generichash()` + * `crypto_generichash_init()` + * `crypto_generichash_update()` + * `crypto_generichash_final()` + * `crypto_kx()` + * `crypto_secretbox_xchacha20poly1305()` + * `crypto_secretbox_xchacha20poly1305_open()` + * `crypto_shorthash()` + * `crypto_sign_detached()` + * `crypto_sign_ed25519_pk_to_curve25519()` + * `crypto_sign_ed25519_sk_to_curve25519()` + * `crypto_sign_verify_detached()` + * For advanced users only: + * `crypto_core_ristretto255_add()` + * `crypto_core_ristretto255_from_hash()` + * `crypto_core_ristretto255_is_valid_point()` + * `crypto_core_ristretto255_random()` + * `crypto_core_ristretto255_scalar_add()` + * `crypto_core_ristretto255_scalar_complement()` + * `crypto_core_ristretto255_scalar_invert()` + * `crypto_core_ristretto255_scalar_mul()` + * `crypto_core_ristretto255_scalar_negate()` + * `crypto_core_ristretto255_scalar_random()` + * `crypto_core_ristretto255_scalar_reduce()` + * `crypto_core_ristretto255_scalar_sub()` + * `crypto_core_ristretto255_sub()` + * `crypto_scalarmult_ristretto255_base()` + * `crypto_scalarmult_ristretto255()` + * `crypto_stream()` + * `crypto_stream_keygen()` + * `crypto_stream_xor()` + * `crypto_stream_xchacha20()` + * `crypto_stream_xchacha20_keygen()` + * `crypto_stream_xchacha20_xor()` + * `crypto_stream_xchacha20_xor_ic()` + * Other utilities (e.g. `crypto_*_keypair()`) + * `add()` + * `base642bin()` + * `bin2base64()` + * `bin2hex()` + * `hex2bin()` + * `crypto_kdf_derive_from_key()` + * `crypto_kx_client_session_keys()` + * `crypto_kx_server_session_keys()` + * `crypto_secretstream_xchacha20poly1305_init_push()` + * `crypto_secretstream_xchacha20poly1305_push()` + * `crypto_secretstream_xchacha20poly1305_init_pull()` + * `crypto_secretstream_xchacha20poly1305_pull()` + * `crypto_secretstream_xchacha20poly1305_rekey()` + * `pad()` + * `unpad()` + +### Cryptography Primitives Provided + +* **X25519** - Elliptic Curve Diffie Hellman over Curve25519 +* **Ed25519** - Edwards curve Digital Signature Algorithm over Curve25519 +* **Xsalsa20** - Extended-nonce Salsa20 stream cipher +* **ChaCha20** - Stream cipher +* **Xchacha20** - Extended-nonce ChaCha20 stream cipher +* **Poly1305** - Polynomial Evaluation Message Authentication Code modulo 2^130 - 5 +* **BLAKE2b** - Cryptographic Hash Function +* **SipHash-2-4** - Fast hash, but not collision-resistant; ideal for hash tables. + +### Features Excluded from this Polyfill + +* `\Sodium\memzero()` - Although we expose this API endpoint, we can't reliably + zero buffers from PHP. + + If you have the PHP extension installed, sodium_compat + will use the native implementation to zero out the string provided. Otherwise + it will throw a `SodiumException`. +* `\Sodium\crypto_pwhash()` - It's not feasible to polyfill scrypt or Argon2 + into PHP and get reasonable performance. Users would feel motivated to select + parameters that downgrade security to avoid denial of service (DoS) attacks. + + The only winning move is not to play. + + If ext/sodium or ext/libsodium is installed, these API methods will fallthrough + to the extension. Otherwise, our polyfill library will throw a `SodiumException`. + + To detect support for Argon2i at runtime, use + `ParagonIE_Sodium_Compat::crypto_pwhash_is_available()`, which returns a + boolean value (`TRUE` or `FALSE`). + +### PHPCompatibility Ruleset + +For sodium_compat users and that utilize [`PHPCompatibility`](https://github.com/PHPCompatibility/PHPCompatibility) +in their CI process, there is now a custom ruleset available which can be used +to prevent false positives being thrown by `PHPCompatibility` for the native +PHP functionality being polyfilled by this repo. + +You can find the repo for the `PHPCompatibilityParagonieSodiumCompat` ruleset +here [on Github](https://github.com/PHPCompatibility/PHPCompatibilityParagonie) +and [on Packagist](https://packagist.org/packages/phpcompatibility/phpcompatibility-paragonie). |