Skip to content
This repository was archived by the owner on Apr 29, 2019. It is now read-only.

Discussion: Encryption with Libsodium

Jump to bottom
Olga Kopylova edited this page May 4, 2018 · 4 revisions

The original Design Document is at HLD Removing mcrypt and adding libsodium.

Purpose of this page is to provide transparency via an open discussion. The page may include:

  • open questions
  • ideas and proposals
  • notes and action items from the meetings

The page will be updated as the discussion progresses. See revisions of the page if needed.

Tasks

See epic https://app.zenhub.com/workspace/o/magento-engcom/php-7.2-support/issues/127

To Investigate

  1. Decide on migration strategy (#134)
    1. Calculate possible amount of stored encrypted data
  2. Investigate if it's safe to use https://github.com/paragonie/sodium_compat (#133)
    1. It supports functions mentioned above
  3. Based on the #2 decide on the implementation strategy:
    1. Completely switch to sodium (if sodium_compat is an acceptable option)
    2. Support both mcrypt and sodium based on what's installed in the system. Use mcrypt_compat for mcrypt support as we don't have mcrypt in composer.json requirements

Update or Add to the HLD

  1. Use crypto_aead_*: What functions should we use: crypto_aead_* or crypto_secretbox*? See - recommendations (includes code sample)
    1. Also, clarify what ciphers are used to understand what needs to be added to the ciphertext
      1. XChaCha20-Poly1305-IETF (check what's supported by current library version) for crypto_aead_xchacha20poly1305_ietf or xsalsa20poly1305 for crypto_secretbox
  2. Use mcrypt for decrypting existing data. Use mcrypt_compat. The \Magento\Framework\Encryption\Crypt::encrypt() in Magento Framework should be deprecated

May 4th Call

  • First step: encryption only. Hashing can be done as a separate step later.
    • To confirm with Piotr (Olga)
  • Use crypto_aead_xchacha20poly1305_ietf*
    • Update HLD (Olga)
  • Data migration:
    1. Support "on-demand" approach. Current pattern in decryption supports this, we should follow it.
    2. Migrate on upgrade step. Investigate upgrade performance implications. Run test on different amount of data.
      • Create a task (Olga)
  • https://github.com/paragonie/sodium_compat
    • Follow-up on whether we can use this (Steven)
    1. Use sodium_compat for development now. Change later if necessary
  • https://github.com/phpseclib/mcrypt_compat
    • Follow-up on whether we can use this (Steven)
  • Check performance with new implementation, both with native Sodium and sodium_compat one.
    • Create a task (Olga)
Clone this wiki locally