• Stars
    star
    894
  • Rank 51,071 (Top 2 %)
  • Language
    PHP
  • License
    ISC License
  • Created about 8 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Pure PHP polyfill for ext/sodium

Sodium Compat

Build Status Psalm Status Latest Stable Version Latest Unstable Version License Downloads

Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.

If you have the PHP extension installed, Sodium Compat will opportunistically and transparently use the PHP extension instead of our implementation.

Major Versions and Branches

sodium_compat v1.21.0 was the last v1.x release from the master branch. From now on, all future releases that support PHP 5.2 - 8.0 and 32-bit integers will be in the v1.x branch.

Newer versions of sodium_compat (i.e., v2.0.0) will continue to live in the master branch, unless a new major version is needed. The goal of this work is to improve code readability and performance, while reducing boilerplate code.

When in doubt, refer to the README file in the master branch for the latest in version information.

Which version should I use?

sodium_compat version PHP versions supported 32-bit support? Branch
v1.x.y 5.2.4 - LATEST YES v1.x
v2.x.y 8.1 - LATEST NO master

If you need 32-bit PHP support (PHP_INT_SIZE == 4), continue using sodium_compat v1.x. If you want improved performance and smaller dependencies, use v2.x.

We recommend libraries and frameworks set a Composer version constraint as follows:

{
    "require": {
        /* ... */
        "paragonie/sodium_compat": ">= 1"
        /* ... */
    }
}

Applications should, conversely, specify the actual version that matters to them and their deployments.

IMPORTANT!

This cryptography library has not been formally audited by an independent third party that specializes in cryptography or cryptanalysis.

If you require such an audit before you can use sodium_compat in your projects and have the funds for such an audit, please open an issue or contact security at paragonie dot com so we can help get the ball rolling.

However, sodium_compat has been adopted by high profile open source projects, such as Joomla! and Magento. Furthermore, sodium_compat was developed by Paragon Initiative Enterprises, a company that specializes in secure PHP development and PHP cryptography, and has been informally reviewed by many other security experts who also specialize in PHP.

If you'd like to learn more about the defensive security measures we've taken to prevent sodium_compat from being a source of vulnerability in your systems, please read Cryptographically Secure PHP Development.

Installing Sodium Compat

If you're using Composer:

composer require paragonie/sodium_compat

Install From Source

If you're not using Composer, download a release tarball (which should be signed with our GnuPG public key), extract its contents, then include our autoload.php script in your project.

<?php
require_once "/path/to/sodium_compat/autoload.php";

PHP Archives (Phar) Releases

Since version 1.3.0, sodium_compat releases include a PHP Archive (.phar file) and associated GPG signature. First, download both files and verify them with our GPG public key, like so:

# Getting our public key from the keyserver:
gpg --fingerprint 7F52D5C61D1255C731362E826B97A1C2826404DA
if [ $? -ne 0 ]; then
    echo -e "\033[33mDownloading PGP Public Key...\033[0m"
    gpg  --keyserver pgp.mit.edu --recv-keys 7F52D5C61D1255C731362E826B97A1C2826404DA
    # Security <[email protected]>
    gpg --fingerprint 7F52D5C61D1255C731362E826B97A1C2826404DA
    if [ $? -ne 0 ]; then
        echo -e "\033[31mCould not download PGP public key for verification\033[0m"
        exit 1
    fi
fi

# Verifying the PHP Archive
gpg --verify sodium-compat.phar.sig sodium-compat.phar

Now, simply include this .phar file in your application.

<?php
require_once "/path/to/sodium-compat.phar";

Support

Commercial support for libsodium is available from multiple vendors. If you need help using sodium_compat in one of your projects, contact Paragon Initiative Enterprises.

Non-commercial report will be facilitated through Github issues. We offer no guarantees of our availability to resolve questions about integrating sodium_compat into third-party software for free, but will strive to fix any bugs (security-related or otherwise) in our library.

Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.

Using Sodium Compat

True Polyfill

As per the second vote on the libsodium RFC, PHP 7.2 uses sodium_* instead of \Sodium\*.

<?php
require_once "/path/to/sodium_compat/autoload.php";

$alice_kp = sodium_crypto_sign_keypair();
$alice_sk = sodium_crypto_sign_secretkey($alice_kp);
$alice_pk = sodium_crypto_sign_publickey($alice_kp);

$message = 'This is a test message.';
$signature = sodium_crypto_sign_detached($message, $alice_sk);
if (sodium_crypto_sign_verify_detached($signature, $message, $alice_pk)) {
    echo 'OK', PHP_EOL;
} else {
    throw new Exception('Invalid signature');
}

General-Use Polyfill

If your users are on PHP < 5.3, or you want to write code that will work whether or not the PECL extension is available, you'll want to use the ParagonIE_Sodium_Compat class for most of your libsodium needs.

The above example, written for general use:

<?php
require_once "/path/to/sodium_compat/autoload.php";

$alice_kp = ParagonIE_Sodium_Compat::crypto_sign_keypair();
$alice_sk = ParagonIE_Sodium_Compat::crypto_sign_secretkey($alice_kp);
$alice_pk = ParagonIE_Sodium_Compat::crypto_sign_publickey($alice_kp);

$message = 'This is a test message.';
$signature = ParagonIE_Sodium_Compat::crypto_sign_detached($message, $alice_sk);
if (ParagonIE_Sodium_Compat::crypto_sign_verify_detached($signature, $message, $alice_pk)) {
    echo 'OK', PHP_EOL;
} else {
    throw new Exception('Invalid signature');
}

Generally: If you replace sodium_ with ParagonIE_Sodium_Compat::, any code already written for the libsodium PHP extension should work with our polyfill without additional code changes.

Since this doesn't require a namespace, this API is exposed on PHP 5.2.

Since version 0.7.0, we have our own namespaced API (ParagonIE\Sodium\*) to allow brevity in software that uses PHP 5.3+. This is useful if you want to use our file cryptography features without writing ParagonIE_Sodium_File every time. This is not exposed on PHP < 5.3, so if your project supports PHP < 5.3, use the underscore method instead.

To learn how to use Libsodium, read Using Libsodium in PHP Projects.

Help, Sodium_Compat is Slow! How can I make it fast?

There are three ways to make it fast:

  1. Use a newer version of PHP (at least 7.2).
  2. Install the libsodium PHP extension from PECL.
  3. Only if the previous two options are not available for you:
    1. Verify that the processor you're using actually implements constant-time multiplication. Sodium_compat does, but it must trade some speed in order to attain cross-platform security.
    2. Only if you are 100% certain that your processor is safe, you can set ParagonIE_Sodium_Compat::$fastMult = true; without harming the security of your cryptography keys. If your processor isn't safe, then decide whether you want speed or security because you can't have both.

How can I tell if sodium_compat will be slow, at runtime?

Since version 1.8, you can use the polyfill_is_fast() static method to determine if sodium_compat will be slow at runtime.

<?php
if (ParagonIE_Sodium_Compat::polyfill_is_fast()) {
    // Use libsodium now
    $process->execute();
} else {
    // Defer to a cron job or other sort of asynchronous process
    $process->enqueue();
}

Documentation

First, you'll want to read the Libsodium Quick Reference. It aims to answer, "Which function should I use for [common problem]?".

If you don't find the answers in the Quick Reference page, check out Using Libsodium in PHP Projects.

Finally, the official libsodium documentation (which was written for the C library, not the PHP library) also contains a lot of insightful technical information you may find helpful.

API Coverage

Recommended reading: Libsodium Quick Reference

  • Mainline NaCl Features
    • crypto_auth()
    • crypto_auth_verify()
    • crypto_box()
    • crypto_box_open()
    • crypto_scalarmult()
    • crypto_secretbox()
    • crypto_secretbox_open()
    • crypto_sign()
    • crypto_sign_open()
  • PECL Libsodium Features
    • crypto_aead_aegis128l_encrypt()
    • crypto_aead_aegis128l_decrypt()
    • crypto_aead_aegis256_encrypt()
    • crypto_aead_aegis256_decrypt()
    • crypto_aead_aes256gcm_encrypt()
    • crypto_aead_aes256gcm_decrypt()
    • crypto_aead_chacha20poly1305_encrypt()
    • crypto_aead_chacha20poly1305_decrypt()
    • crypto_aead_chacha20poly1305_ietf_encrypt()
    • crypto_aead_chacha20poly1305_ietf_decrypt()
    • crypto_aead_xchacha20poly1305_ietf_encrypt()
    • crypto_aead_xchacha20poly1305_ietf_decrypt()
    • crypto_box_xchacha20poly1305()
    • crypto_box_xchacha20poly1305_open()
    • crypto_box_seal()
    • crypto_box_seal_open()
    • crypto_generichash()
    • crypto_generichash_init()
    • crypto_generichash_update()
    • crypto_generichash_final()
    • crypto_kx()
    • crypto_secretbox_xchacha20poly1305()
    • crypto_secretbox_xchacha20poly1305_open()
    • crypto_shorthash()
    • crypto_sign_detached()
    • crypto_sign_ed25519_pk_to_curve25519()
    • crypto_sign_ed25519_sk_to_curve25519()
    • crypto_sign_verify_detached()
    • For advanced users only:
      • crypto_core_ristretto255_add()
      • crypto_core_ristretto255_from_hash()
      • crypto_core_ristretto255_is_valid_point()
      • crypto_core_ristretto255_random()
      • crypto_core_ristretto255_scalar_add()
      • crypto_core_ristretto255_scalar_complement()
      • crypto_core_ristretto255_scalar_invert()
      • crypto_core_ristretto255_scalar_mul()
      • crypto_core_ristretto255_scalar_negate()
      • crypto_core_ristretto255_scalar_random()
      • crypto_core_ristretto255_scalar_reduce()
      • crypto_core_ristretto255_scalar_sub()
      • crypto_core_ristretto255_sub()
      • crypto_scalarmult_ristretto255_base()
      • crypto_scalarmult_ristretto255()
      • crypto_stream()
      • crypto_stream_keygen()
      • crypto_stream_xor()
      • crypto_stream_xchacha20()
      • crypto_stream_xchacha20_keygen()
      • crypto_stream_xchacha20_xor()
      • crypto_stream_xchacha20_xor_ic()
    • Other utilities (e.g. crypto_*_keypair())
      • add()
      • base642bin()
      • bin2base64()
      • bin2hex()
      • hex2bin()
      • crypto_kdf_derive_from_key()
      • crypto_kx_client_session_keys()
      • crypto_kx_server_session_keys()
      • crypto_secretstream_xchacha20poly1305_init_push()
      • crypto_secretstream_xchacha20poly1305_push()
      • crypto_secretstream_xchacha20poly1305_init_pull()
      • crypto_secretstream_xchacha20poly1305_pull()
      • crypto_secretstream_xchacha20poly1305_rekey()
      • pad()
      • unpad()

Cryptography Primitives Provided

  • X25519 - Elliptic Curve Diffie Hellman over Curve25519
  • Ed25519 - Edwards curve Digital Signature Algorithm over Curve25519
  • Xsalsa20 - Extended-nonce Salsa20 stream cipher
  • ChaCha20 - Stream cipher
  • Xchacha20 - Extended-nonce ChaCha20 stream cipher
  • Poly1305 - Polynomial Evaluation Message Authentication Code modulo 2^130 - 5
  • BLAKE2b - Cryptographic Hash Function
  • SipHash-2-4 - Fast hash, but not collision-resistant; ideal for hash tables.

Features Excluded from this Polyfill

  • sodium_memzero() - Although we expose this API endpoint, we can't reliably zero buffers from PHP.

    If you have the PHP extension installed, sodium_compat will use the native implementation to zero out the string provided. Otherwise it will throw a SodiumException.

  • sodium_crypto_pwhash() - It's not feasible to polyfill scrypt or Argon2 into PHP and get reasonable performance. Users would feel motivated to select parameters that downgrade security to avoid denial of service (DoS) attacks.

    The only winning move is not to play.

    If ext/sodium or ext/libsodium is installed, these API methods will fallthrough to the extension. Otherwise, our polyfill library will throw a SodiumException.

    To detect support for Argon2i at runtime, use ParagonIE_Sodium_Compat::crypto_pwhash_is_available(), which returns a boolean value (TRUE or FALSE).

  • Libsodium's HKDF API (crypto_kdf_hkdf_*()) is not included because PHP has its own HMAC features amd it was not deemed necessary.

PHPCompatibility Ruleset

For sodium_compat users and that utilize PHPCompatibility in their CI process, there is now a custom ruleset available which can be used to prevent false positives being thrown by PHPCompatibility for the native PHP functionality being polyfilled by this repo.

You can find the repo for the PHPCompatibilityParagonieSodiumCompat ruleset here on Github and on Packagist.

More Repositories

1

random_compat

PHP 5.x support for random_bytes() and random_int()
PHP
8,170
star
2

awesome-appsec

A curated list of resources for learning about application security
PHP
6,305
star
3

paseto

Platform-Agnostic Security Tokens
PHP
3,248
star
4

halite

High-level cryptography interface powered by libsodium
PHP
1,124
star
5

constant_time_encoding

Constant-Time Character Encoding in PHP Projects
PHP
816
star
6

easydb

Easy-to-use PDO wrapper for PHP projects.
PHP
736
star
7

csp-builder

Build Content-Security-Policy headers from a JSON file (or build them programmatically)
PHP
543
star
8

chronicle

Public append-only ledger microservice built with Slim Framework
PHP
469
star
9

ciphersweet

Fast, searchable field-level encryption for PHP projects
PHP
436
star
10

airship

Secure Content Management for the Modern Web - "The sky is only the beginning"
PHP
418
star
11

sapient

Secure API Toolkit
PHP
314
star
12

anti-csrf

Full-Featured Anti-CSRF Library
PHP
297
star
13

certainty

Automated cacert.pem management for PHP projects
PHP
262
star
14

EasyRSA

Simple and Secure Wrapper for phpseclib
PHP
198
star
15

password_lock

Wraps Bcrypt-SHA2 in Authenticated Encryption
PHP
190
star
16

sodium-plus

Developer-friendly libsodium interface
JavaScript
171
star
17

multi_factor

Vendor-Agnostic Two-Factor Authentication
PHP
142
star
18

gpg-mailer

GnuPG-encrypted emails made easy
PHP
96
star
19

pecl-libsodium-doc

Free Online Documentation for the Libsodium PHP Extension
88
star
20

typed-arrays

Userland typed array implementation
PHP
74
star
21

ciphersweet-js

Searchable Encryption for Node.js projects
JavaScript
65
star
22

hidden-string

The HiddenString class extracted from Halite.
PHP
64
star
23

corner

Exceptions and Errors made more user-friendly
PHP
62
star
24

paseto-io

Paseto Website
Twig
58
star
25

iaso

Powerful JSON Toolkit, includes a JSON parser immune to Hash-DoS attacks
PHP
51
star
26

easy-ecc

High-Level Usability Wrapper for PHPECC
PHP
44
star
27

hpkp-builder

Build HTTP Public-Key-Pinning headers from a JSON file (or build them programmatically)
PHP
41
star
28

seedspring

Seeded, Deterministic PRNG (based on AES-CTR instead of LCG)
PHP
39
star
29

passwdqc

Password/passphrase strength checking and enforcement (PHP port)
PHP
39
star
30

pharaoh

Utility to quickly and effectively diff two PHP Archives
PHP
36
star
31

libgossamer

Public Key Infrastructure without Certificate Authorities, for WordPress and Packagist
PHP
33
star
32

ionizer

Input Filter System for PHP Software
PHP
32
star
33

easydb-cache

EasyDB with Prepared Statement Caching
PHP
30
star
34

argon2-refiner

Generate Parameter Recommendations for Argon2id in PHP 7.3+
PHP
25
star
35

bsidesorl-2017

Supplementary Material for Building Defensible Solutions to Weird Problems
PHP
23
star
36

blakechain

Hash chains built with BLAKE2b
PHP
22
star
37

quill

Library for quickly and easily writing data to a Chronicle instance
PHP
21
star
38

stern

Stern lets you built type-safe PHP projects, even if your project's users aren't writing type-safe code
PHP
21
star
39

herd

Hash-Ensured Replicated Database
PHP
16
star
40

eloquent-ciphersweet

Bridge library between Eloquent ORM and CipherSweet
PHP
14
star
41

discretion

On-demand and reusable contact forms that only send GnuPG-encrypted messages to your inbox.
PHP
13
star
42

xchacha20-js

JavaScript implementation of ChaCha20, HChaCha20, and XChaCha20
JavaScript
12
star
43

pco_prototype

PCO - PHP Crypto Objects
PHP
12
star
44

paserk-php

PHP Implementation of PASERK
PHP
12
star
45

slim-sapient

Slim Framework Adapter for Sapient
PHP
10
star
46

airship-docs

Documentation for CMS Airship
Nginx
10
star
47

php-jwt-guard

Security Defense for Firebase's PHP-JWT Library
PHP
9
star
48

zend-diactoros-sapient

Zend Diactoros Adapter for Sapient
PHP
8
star
49

phone-to-pick

Whitelist Your Incoming Phone Calls (for Android)
Java
7
star
50

gossamer-server

Standalone Gossamer server
PHP
5
star
51

poly1305-js

JavaScript implementation of the Poly1305 one-time authenticator
JavaScript
5
star
52

paseto-browser.js

PASETO in the Web Browser
JavaScript
4
star
53

airship-barge

Build Gadgets for Airship projects (Command Line Interface)
PHP
3
star
54

monolog-quill

A Monolog Handler for writing to a Chronicle instance
PHP
3
star
55

sodium-jvm

Pure-Java implementation of the Sodium cryptography library.
3
star
56

blogpost-translations

Translations of Paragon Initiative Enterprise blog posts
2
star
57

ward-docs

Online Documentation for Ward (Web Application Realtime Defender)
2
star
58

php71_crypto

Pluggable Cryptography Interface for PHP 7.1
2
star
59

ristretto-php

Implements a type-safe API for working with the Ristretto Group in PHP projects.
PHP
2
star
60

node-halite

High-level cryptography interface powered by node-sodium
1
star
61

pie-hosted.com

Source code for the pie-hosted.com website
PHP
1
star
62

halite-legacy

Legacy versions of Halite to facilitate migrations from older ciphersuites to the latest supported version
PHP
1
star
63

certainty-js

Certainty-js: Automated CACert.pem Management for Node.js Software
JavaScript
1
star